From da2a3fd0d1780fe7751f33cd9628879a78669118 Mon Sep 17 00:00:00 2001
From: rusty-snake
Date: Sun, 12 May 2019 12:53:46 +0200
Subject: harden & fix xiphos.profile
---
 etc/xiphos.profile | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'etc/xiphos.profile')
diff --git a/etc/xiphos.profile b/etc/xiphos.profile
index 3ad03e2c6..33056395e 100644
--- a/etc/xiphos.profile
+++ b/etc/xiphos.profile
@@ -13,6 +13,7 @@ noblacklist ${HOME}/.xiphos
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
@@ -20,8 +21,11 @@ include disable-programs.inc
 whitelist ${HOME}/.sword
 whitelist ${HOME}/.xiphos
 include whitelist-common.inc
+include whitelist-var-common.inc
+apparmor
 caps.drop all
+machine-id
 netfilter
 nodvd
 nogroups
@@ -36,7 +40,9 @@ seccomp
 shell none
 tracelog
+disable-mnt
 private-bin xiphos
+private-cache
 private-dev
-private-etc alternatives,fonts,resolv.conf,sword,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,fonts,resolv.conf,sword,ca-certificates,ssli,sword.conf,pki,crypto-policies
 private-tmp
-- 
cgit v1.2.3-54-g00ecf
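Review bot: The new `private-etc` line in the last hunk lists `ssli` where the removed line had `ssl`, which looks like a stray keystroke rather than an intended change. Because `private-etc` exposes only the listed entries under /etc inside the sandbox, /etc/ssl would no longer be visible and `ssli` would match nothing. On distributions that keep the CA bundle or OpenSSL configuration under /etc/ssl, certificate validation for module downloads would presumably fail. The line should read `private-etc alternatives,fonts,resolv.conf,sword,sword.conf,ca-certificates,ssl,pki,crypto-policies`. It is worth confirming that an HTTPS module fetch still validates under the profile, since a broken trust store tends to push users toward disabling verification or running without the sandbox.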