From ec44e1d8ca29dd023f20a64eb65a56e7d869af76 Mon Sep 17 00:00:00 2001
From: glitsj16 <glitsj16@users.noreply.github.com>
Date: Wed, 21 Dec 2022 23:39:42 +0000
Subject: clarify that duplicated blacklisting of /proc/config.gz is
 intentional (#5548)

* add comment on intentional duplication of blacklisted kernel configuration

* disable-proc.inc: update the duplication comment

* disable-common.inc: add duplication notice for kernel configuration
---
 etc/inc/disable-common.inc | 2 +-
 etc/inc/disable-proc.inc   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'etc/inc')

diff --git a/etc/inc/disable-common.inc b/etc/inc/disable-common.inc
index fb3c823fc..44e45d416 100644
--- a/etc/inc/disable-common.inc
+++ b/etc/inc/disable-common.inc
@@ -620,7 +620,7 @@ blacklist ${HOME}/mail
 blacklist ${HOME}/postponed
 blacklist ${HOME}/sent
 
-# kernel configuration
+# kernel configuration - keep this here although it's also in disable-proc.inc
 blacklist /proc/config.gz
 
 # prevent DNS malware attempting to communicate with the server using regular DNS tools
diff --git a/etc/inc/disable-proc.inc b/etc/inc/disable-proc.inc
index 81a8883f3..7cb1ec2ab 100644
--- a/etc/inc/disable-proc.inc
+++ b/etc/inc/disable-proc.inc
@@ -8,7 +8,7 @@ blacklist /proc/bootconfig
 blacklist /proc/buddyinfo
 blacklist /proc/cgroups
 blacklist /proc/cmdline
-blacklist /proc/config.gz
+blacklist /proc/config.gz # keep this here even though it's also in disable-common.inc
 blacklist /proc/consoles
 #blacklist /proc/cpuinfo
 blacklist /proc/crypto
-- 
cgit v1.2.3-54-g00ecf