From a9c1a56bc21c6f583292f0f543673730c5737c1b Mon Sep 17 00:00:00 2001
From: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Date: Fri, 30 Apr 2021 10:34:38 +0200
Subject: Harden some game profiles
---
 etc/profile-m-z/neverball.profile | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
(limited to 'etc/profile-m-z/neverball.profile')
diff --git a/etc/profile-m-z/neverball.profile b/etc/profile-m-z/neverball.profile
index 84c634549..5c7c2b3da 100644
--- a/etc/profile-m-z/neverball.profile
+++ b/etc/profile-m-z/neverball.profile
@@ -14,13 +14,19 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
 mkdir ${HOME}/.neverball
 whitelist ${HOME}/.neverball
+whitelist /usr/share/neverball
 include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
 caps.drop all
-netfilter
+net none
 nodvd
 nogroups
 nonewprivs
@@ -28,12 +34,18 @@ noroot
 notv
 nou2f
 novideo
-protocol unix,netlink
+protocol unix
 seccomp
+seccomp.block-secondary
 shell none
+tracelog
 disable-mnt
 private-bin neverball
+private-cache
 private-dev
+private-etc alternatives,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,fonts,machine-id
 private-tmp
+dbus-user none
+dbus-system none
-- cgit v1.2.3-70-g09d2
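Review bot: In the first hunk, `whitelist /usr/share/neverball` combined with `include whitelist-usr-share-common.inc` presumably makes /usr/share whitelist-only, so the game's assets stay visible only when the package installs them at exactly that path. Some distributions place game data under /usr/share/games instead; the patch does not show which layouts were tested, so this should be checked against the packages. If that layout applies, a second line such as `whitelist /usr/share/games/neverball` next to the existing one would keep the profile usable there, and a profile that breaks the game tends to get disabled rather than fixed. A one-line comment above `net none` recording that the game needs no network access would also explain why `netfilter` was replaced rather than kept.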
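Review bot: The `private-etc` line in the second hunk keeps only loader, locale, font and machine-id entries and lists nothing for OpenGL or audio configuration. Neverball is presumably a 3D game with sound, so on systems whose graphics or audio stack reads settings from /etc (for example `drirc`, `glvnd`, `alsa`, `asound.conf`, `pulse`) rendering or sound may fail inside the sandbox. Please test on more than one driver setup or extend the list. The entries are also not sorted (`locale,fonts,machine-id`); moving `fonts` after `alternatives` would keep later diffs of this list easy to review. `dbus-user none` may additionally stop the game from inhibiting the screensaver through the session bus, which is worth a short comment if that trade-off is intended.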