From a5870f43a0a7217fcadb090c07daa6dc03acab83 Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Sat, 8 Feb 2020 00:40:34 +0000
Subject: harden makepkg.profile
---
 etc/makepkg.profile | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'etc/makepkg.profile')
diff --git a/etc/makepkg.profile b/etc/makepkg.profile
index 0120fc2cd..513fcae55 100644
--- a/etc/makepkg.profile
+++ b/etc/makepkg.profile
@@ -6,6 +6,9 @@ include makepkg.local
 # Persistent global definitions
 include globals.local
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+
 # Note: see this Arch forum discussion https://bbs.archlinux.org/viewtopic.php?pid=1743138
 # for potential issues and their solutions when Firejailing makepkg
@@ -33,6 +36,7 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 caps.drop all
+machine-id
 ipc-namespace
 netfilter
 no3d
@@ -42,13 +46,16 @@ nonewprivs
 # noroot is only disabled to allow the creation of kernel headers from an official PKGBUILD.
 #noroot
 nosound
+nou2f
 notv
 novideo
 protocol unix,inet,inet6
 seccomp
 shell none
+tracelog
 disable-mnt
+private-cache
 private-tmp
 memory-deny-write-execute
--
cgit v1.2.3-70-g09d2
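Review bot: The new `blacklist /tmp/.X11-unix` line in the first hunk hides only the filesystem socket directory, so it should not be read as full display isolation. An X server that also listens on its abstract socket stays reachable from the sandbox unless the sandbox has its own network namespace, and nothing in the visible hunks creates one. The two lines also land without a comment saying why a build sandbox hides display sockets. I would add above them `# Hide X11/Wayland sockets; PKGBUILD code needs no display access.` and `# The abstract X11 socket remains reachable without a network namespace.`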
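Review bot: `machine-id` is inserted ahead of `ipc-namespace` in the second hunk, which breaks the alphabetical order the surrounding options follow (`caps.drop`, `ipc-namespace`, `netfilter`, `no3d`). The same happens in the third hunk, where `nou2f` lands before `notv`. A sorted list makes it easier to see which restrictions a profile applies and to compare profiles when auditing them. I would reorder so the block reads `ipc-namespace`, `machine-id`, `netfilter`, and in the third hunk `notv`, `nou2f`, `novideo`.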
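Review bot: `private-cache` in the third hunk replaces `${HOME}/.cache` with an empty temporary directory for the build, and the profile gives no hint of that side effect. Builds that keep compiler or language-toolchain caches there will start cold every time, and a helper that stages its build tree under `~/.cache` would presumably find it missing. A one-line comment lets users recognise the failure and override it locally instead of dropping the whole profile, e.g. `# private-cache hides ${HOME}/.cache; add 'ignore private-cache' to makepkg.local if your builds live there.`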