From deb6c12454191b7aeff3d259612a00427d1aa6a1 Mon Sep 17 00:00:00 2001
From: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Date: Thu, 9 Jul 2020 10:49:17 +0000
Subject: hardening some profiles (#3505)

* hardening some profiles
- harden and fix flameshot
- wruc: frogatto, ghostwriter
- harden gnome-latex
- add whitelist opt-in note to keepassxc
- add comment to minetest
- harden openarena, tremulous, xonotic
- add profile for xonotic-sdl-wrapper
* followup
---
 etc/profile-m-z/openarena.profile | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)
(limited to 'etc/profile-m-z/openarena.profile')

diff --git a/etc/profile-m-z/openarena.profile b/etc/profile-m-z/openarena.profile
index 3b15a6e42..45682fc31 100644
--- a/etc/profile-m-z/openarena.profile
+++ b/etc/profile-m-z/openarena.profile
@@ -16,30 +16,35 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.openarena
+whitelist ${HOME}/.openarena
+whitelist /usr/share/openarena
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.in
 include whitelist-var-common.inc
 
 apparmor
 caps.drop all
-# ipc-namespace
-# netfilter
-# nodvd
-# nogroups
+netfilter
+nodvd
+nogroups
 nonewprivs
 noroot
 notv
-# nou2f
+nou2f
 novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
-# tracelog
+tracelog
 
-# disable-mnt
-# private-bin openarena
+disable-mnt
+private-bin bash,cut,glxinfo,grep,head,openarena,openarena_ded,quake3,zenity
 private-cache
 private-dev
-# private-etc drirc,machine-id,openal,passwd,selinux,udev,xdg
+private-etc drirc,machine-id,openal,passwd,selinux,udev,xdg
 private-tmp
 
-# dbus-user none
-# dbus-system none
+dbus-user none
+dbus-system none
-- 
cgit v1.2.3-54-g00ecf
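Review bot: The added line `include whitelist-usr-share-common.in` is missing its final `c`; every other include in this hunk ends in `.inc`, so it most likely names a file that does not exist and should read `include whitelist-usr-share-common.inc`. As far as I know firejail exits on a non-`.local` include it cannot read, so the profile would fail closed and the game would simply not start rather than run with a weaker sandbox, but that should be confirmed by launching it once. The include matters because the new `whitelist /usr/share/openarena` switches /usr/share to whitelist mode, and the common include is presumably what keeps the shared data directories the game needs visible. The same launch would also show whether the newly enabled `private-bin` and `private-etc` lists are complete for both `openarena` and `openarena_ded`.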