From af2b81b6129023a94eb23e65f63c3b8c675b779c Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Sun, 10 Apr 2022 17:48:29 +0200
Subject: unbound: fixes, blacklist all of ${RUNUSER}
---
 etc/profile-m-z/unbound.profile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'etc/profile-m-z')
diff --git a/etc/profile-m-z/unbound.profile b/etc/profile-m-z/unbound.profile
index e8424cd7d..ef43ee822 100644
--- a/etc/profile-m-z/unbound.profile
+++ b/etc/profile-m-z/unbound.profile
@@ -10,7 +10,7 @@ noblacklist /sbin
 noblacklist /usr/sbin
 blacklist /tmp/.X11-unix
-blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
 include disable-common.inc
 include disable-devel.inc
@@ -19,8 +19,11 @@ include disable-interpreters.inc
 include disable-programs.inc
 include disable-xdg.inc
+whitelist /usr/share/dns
 include whitelist-usr-share-common.inc
+whitelist /var/lib/ca-certificates
+read-only /var/lib/ca-certificates
 whitelist /var/lib/unbound
 whitelist /var/run
@@ -48,5 +51,4 @@ writable-var
 dbus-user none
 dbus-system none
-# mdwe can break modules/plugins
 memory-deny-write-execute
-- 
cgit v1.2.3-70-g09d2
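Review bot: The widened `blacklist ${RUNUSER}` line has no comment recording why the whole per-user runtime directory is hidden rather than only the old `wayland-*` glob, so a later edit could narrow it again without noticing the loss. A one-line comment above it would keep the intent visible, for example `# system daemon: nothing under the user runtime dir (Wayland, D-Bus, agent sockets) is needed`. The reason is currently only in the commit subject, which is not visible to someone reading the profile.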
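Review bot: The three added path rules have no comment saying what they are for, and both paths look distribution-specific. `/usr/share/dns` is presumably the packaged root hints and DNSSEC trust anchor, and `/var/lib/ca-certificates` a CA store that some distributions keep under /var. Short comments such as `# root hints / trust anchor` and `# CA store; read-only because writable-var leaves /var writable` would record the reasoning. The `read-only` line is what keeps the sandboxed daemon from modifying the CA store it relies on, so it should stay paired with the `whitelist` line if these rules are ever moved or split into an include.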