From 1f9c96d75b61cb8d0e568af973a7548df16c385c Mon Sep 17 00:00:00 2001
From: smitsohu
Date: Sun, 9 Feb 2020 17:03:46 +0100
Subject: harden wine

---
 etc/disable-programs.inc | 1 +
 etc/wine.profile | 4 ++++
 2 files changed, 5 insertions(+)

(limited to 'etc')

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 415b3beb6..02751a818 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -701,6 +701,7 @@ blacklist ${HOME}/.xpdfrc
 blacklist ${HOME}/.zoom
 blacklist /tmp/akonadi-*
 blacklist /tmp/ssh-*
+blacklist /tmp/.wine-*
 blacklist /var/games/nethack
 blacklist /var/games/slashem
 blacklist /var/games/vulturesclaw
diff --git a/etc/wine.profile b/etc/wine.profile
index 67e3952e1..901340052 100644
--- a/etc/wine.profile
+++ b/etc/wine.profile
@@ -11,6 +11,7 @@ noblacklist ${HOME}/.local/share/Steam
 noblacklist ${HOME}/.local/share/steam
 noblacklist ${HOME}/.steam
 noblacklist ${HOME}/.wine
+noblacklist /tmp/.wine-*
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,6 +19,8 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+include whitelist-var-common.inc
+
 # some applications don't need allow-debuggers, comment the next line
 # if it is not necessary (or put 'ignore allow-debuggers' in your wine.local)
 allow-debuggers
@@ -28,6 +31,7 @@ nodvd
 nogroups
 nonewprivs
 noroot
+# nosound
 notv
 # novideo
 seccomp
--
cgit v1.2.3-70-g09d2
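Review bot: The added `blacklist /tmp/.wine-*` in the `/tmp` group of etc/disable-programs.inc carries no explanation, and the commit message gives none either, so a reader cannot tell what the entry protects. Wine keeps its per-user wineserver directory (socket and lock) under that path, which is presumably why other sandboxes should not reach it; a short comment such as `# wineserver socket directory` above the line would record that. As far as I know firejail resolves blacklist globs when a sandbox starts, so a directory created afterwards is not hidden from sandboxes that are already running; profiles that need firm isolation here should rely on `private-tmp` rather than on this entry alone. The list continues outside the hunk.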
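Review bot: Only etc/wine.profile gains the matching `noblacklist /tmp/.wine-*` (first wine.profile hunk), while the new blacklist sits in disable-programs.inc, which this profile includes and other profiles may include as well. Any other profile that launches Wine and includes disable-programs.inc without `private-tmp` would presumably lose access to its wineserver directory after this commit; the diffstat shows no other profile touched. It is worth checking the profiles that already carry `noblacklist ${HOME}/.wine` and adding `noblacklist /tmp/.wine-*` next to it where needed.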
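Review bot: The added `# nosound` line in the option list of etc/wine.profile (last hunk) is a commented-out directive with no rationale, so it does not change the sandbox and gives the user no hint about when to enable it. The file already documents `allow-debuggers` with a comment a few lines up; a similar one would help here, for example `# uncomment if audio is not needed (or put 'nosound' in your wine.local)`. The same applies to the existing `# novideo` two lines below. The option list starts and ends outside the hunk.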