From 9690ce753bb75169de4bd013c1c7064036323ec2 Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Sat, 23 Sep 2023 01:43:43 +0000
Subject: mocp: hardening (#6017)
---
 etc/profile-m-z/mocp.profile | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
(limited to 'etc/profile-m-z')
diff --git a/etc/profile-m-z/mocp.profile b/etc/profile-m-z/mocp.profile
index 7937ad65e..0a5e4255a 100644
--- a/etc/profile-m-z/mocp.profile
+++ b/etc/profile-m-z/mocp.profile
@@ -10,15 +10,24 @@ include globals.local
 noblacklist ${HOME}/.moc
 noblacklist ${MUSIC}
 
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
+include disable-proc.inc
 include disable-programs.inc
 include disable-xdg.inc
 
-include whitelist-usr-share-common.inc
+mkdir ${HOME}/.moc
+whitelist ${HOME}/.moc
+whitelist ${MUSIC}
+include whitelist-common.inc
+include whitelist-run-common.inc
 include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
 apparmor
@@ -30,12 +39,14 @@ nodvd
 nogroups
 noinput
 nonewprivs
+noprinters
 noroot
 notv
 nou2f
 novideo
-protocol unix,inet,inet6,netlink
+protocol unix,inet,inet6
 seccomp
+seccomp.block-secondary
 tracelog
 
 private-bin mocp
-- 
cgit v1.2.3-70-g09d2
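Review bot: The added `blacklist /tmp/.X11-unix` and `blacklist ${RUNUSER}/wayland-*` lines hide only the socket files; where the X server also listens on its abstract socket, that one is probably still reachable, because the profile keeps the `unix` protocol and, as far as the visible hunks show, sets up no separate network namespace. A comment above the two lines would keep that limit visible, e.g. `# Hides the X11/Wayland socket files only; an abstract X11 socket needs a network namespace or -nolisten local on the server.` Separately, the new `whitelist ${HOME}/.moc` and `whitelist ${MUSIC}` lines turn the home directory into a whitelist, so music kept elsewhere under the home directory is no longer visible in the sandbox. A comment such as `# Music outside ${MUSIC}: add whitelist lines to mocp.local.` would tell users where to fix that.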
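Review bot: `protocol unix,inet,inet6` still leaves IPv4/IPv6 sockets open for every user, presumably for network streams, and nothing near the line tells local-only users how to close them. A one-line comment before it would do, e.g. `# Local playback only? Add 'net none' to mocp.local.` Dropping `netlink` and adding `seccomp.block-secondary` and `noprinters` look reasonable for a console player. The option list starts before this hunk and continues after it, so whether a `net` or `netfilter` line already exists there cannot be confirmed from here.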