From 71e36997587dfb45b6b688cf1bb9673ab34159cc Mon Sep 17 00:00:00 2001 From: rusty-snake <41237666+rusty-snake@users.noreply.github.com> Date: Sun, 21 Mar 2021 21:02:36 +0100 Subject: Rename chromium-common-hardened and feh-network … MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit …again I am still not really happy about the rename from #4028, #4029, #4030 and #4031. I've no problem with moving away .inc but I don't like the result. So here's a proposal to make this better: | NAME | DESCRIPTION | | ------------------------- | ------------------------------------------------------------ | | `*-addons.profile` | (include) Allow external addons | | `*-common.profile` | (include) Common parts across multiple profiles | | `*-hardened.inc.profile` | Further hardening which can not be made default | | `*-network.inc.profile` | Allow optional network access | | `*-whitelist.inc.profile` | Enabled whitelisting (which can not be made default) ¹ | | `*.inc.profile` | Other profile specific includes | | `*.profile` | A profile for a program | | `allow-*.inc` | Multiple `noblacklist`s that should always be used together | | `disable-*.inc` | `blacklist`ing | | `whitelist-*-common.inc` | common `whitelist`s | | `*.inc` | Other generic includes | | `globals.local` | User overrides for all profiles | | `*.local` | Per profile user overrides | ¹ can be used for programs like KeePassXC or editors. --- etc/profile-a-l/chromium-common-hardened.inc.profile | 9 +++++++++ etc/profile-a-l/chromium-common-hardened.profile | 9 --------- etc/profile-a-l/feh-network.inc.profile | 8 ++++++++ etc/profile-a-l/feh-network.profile | 8 -------- 4 files changed, 17 insertions(+), 17 deletions(-) create mode 100644 etc/profile-a-l/chromium-common-hardened.inc.profile delete mode 100644 etc/profile-a-l/chromium-common-hardened.profile create mode 100644 etc/profile-a-l/feh-network.inc.profile delete mode 100644 etc/profile-a-l/feh-network.profile (limited to 'etc/profile-a-l') diff --git a/etc/profile-a-l/chromium-common-hardened.inc.profile b/etc/profile-a-l/chromium-common-hardened.inc.profile new file mode 100644 index 000000000..19addd285 --- /dev/null +++ b/etc/profile-a-l/chromium-common-hardened.inc.profile @@ -0,0 +1,9 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include chromium-common-hardened.inc.local + +caps.drop all +nonewprivs +noroot +protocol unix,inet,inet6,netlink +seccomp !chroot diff --git a/etc/profile-a-l/chromium-common-hardened.profile b/etc/profile-a-l/chromium-common-hardened.profile deleted file mode 100644 index d756eec50..000000000 --- a/etc/profile-a-l/chromium-common-hardened.profile +++ /dev/null @@ -1,9 +0,0 @@ -# This file is overwritten during software install. -# Persistent customizations should go in a .local file. -include chromium-common-hardened.local - -caps.drop all -nonewprivs -noroot -protocol unix,inet,inet6,netlink -seccomp !chroot diff --git a/etc/profile-a-l/feh-network.inc.profile b/etc/profile-a-l/feh-network.inc.profile new file mode 100644 index 000000000..690b39171 --- /dev/null +++ b/etc/profile-a-l/feh-network.inc.profile @@ -0,0 +1,8 @@ +# This file is overwritten during software install. +# Persistent customizations should go in a .local file. +include feh-network.inc.local + +ignore net none +netfilter +protocol unix,inet,inet6 +private-etc ca-certificates,crypto-policies,hosts,pki,resolv.conf,ssl diff --git a/etc/profile-a-l/feh-network.profile b/etc/profile-a-l/feh-network.profile deleted file mode 100644 index f35facd64..000000000 --- a/etc/profile-a-l/feh-network.profile +++ /dev/null @@ -1,8 +0,0 @@ -# This file is overwritten during software install. -# Persistent customizations should go in a .local file. -include feh-network.local - -ignore net none -netfilter -protocol unix,inet,inet6 -private-etc ca-certificates,crypto-policies,hosts,pki,resolv.conf,ssl -- cgit v1.2.3-54-g00ecf