From 305aa40922c22ee87b017681b9a241b72098224f Mon Sep 17 00:00:00 2001
From: netblue30
Date: Wed, 28 Oct 2020 08:16:05 -0400
Subject: profile fixes
---
 etc/profile-a-l/clementine.profile | 9 ++++++++-
 etc/profile-m-z/ping.profile | 3 +++
 2 files changed, 11 insertions(+), 1 deletion(-)
(limited to 'etc')
diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile
index 4d92157d0..387b5f0a7 100644
--- a/etc/profile-a-l/clementine.profile
+++ b/etc/profile-a-l/clementine.profile
@@ -12,22 +12,29 @@ noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 include whitelist-var-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc
+apparmor
 caps.drop all
 nonewprivs
 noroot
 notv
 nou2f
 novideo
-protocol unix,inet,inet6
+protocol unix,inet,inet6,netlink
 # blacklisting of ioprio_set system calls breaks clementine
 seccomp !ioprio_set
 private-dev
 private-tmp
+
+dbus-system none
+# dbus-user none
diff --git a/etc/profile-m-z/ping.profile b/etc/profile-m-z/ping.profile
index 3ef8ad64a..bd95cb1de 100644
--- a/etc/profile-m-z/ping.profile
+++ b/etc/profile-m-z/ping.profile
@@ -54,3 +54,6 @@ private-tmp
 # memory-deny-write-execute is built using seccomp; nonewprivs will kill it
 #memory-deny-write-execute
+
+dbus-user none
+dbus-system none
--
cgit v1.2.3-70-g09d2
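Review bot: The widened `protocol unix,inet,inet6,netlink` line and the commented-out `# dbus-user none` at the end of the clementine.profile hunk both relax the sandbox without saying why, unlike the `seccomp !ioprio_set` line, which has a comment explaining its exception. I would add a reason above each, for example `# netlink is needed for <feature, to be confirmed>` and `# dbus-user none breaks <feature, to be confirmed>`, so a later audit can tell a deliberate exception from a leftover. If the session bus is only needed for a few well-known names, a `dbus-user filter` policy with explicit `dbus-user.own` / `dbus-user.talk` entries would presumably be tighter than leaving the user bus unrestricted; that needs testing against the player's actual bus usage. The profile starts above the hunk, so earlier `noblacklist`/`include` lines that might already justify these choices are not visible here.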
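Review bot: The two D-Bus lines appended at the end of the ping.profile hunk are in the opposite order from the pair added to clementine.profile in the same commit: `dbus-user none` then `dbus-system none` here, `dbus-system none` then `# dbus-user none` there. Keeping one order across profiles makes it quicker to see which bus a profile leaves open when reviewing many of them side by side. The rest of ping.profile lies above the hunk, so whether these options belong next to other settings earlier in the file cannot be judged from what is shown.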