From 6adebbf5a6d0be4af503d5b1ef6485bd552b0cb3 Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Sat, 29 Jun 2019 14:24:36 +0200
Subject: harden bsdtar profile (net none, x11 none)

---
 etc/bsdtar.profile | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'etc')

diff --git a/etc/bsdtar.profile b/etc/bsdtar.profile
index 1f7a02c2b..1411ce7bd 100644
--- a/etc/bsdtar.profile
+++ b/etc/bsdtar.profile
@@ -6,8 +6,6 @@ include bsdtar.local
 # Persistent global definitions
 include globals.local
 
-blacklist /tmp/.X11-unix
-
 include disable-common.inc
 # include disable-devel.inc
 include disable-exec.inc
@@ -20,7 +18,7 @@ caps.drop all
 hostname bsdtar
 ipc-namespace
 machine-id
-netfilter
+net none
 no3d
 nodvd
 nodbus
@@ -35,6 +33,7 @@ protocol unix
 seccomp
 shell none
 tracelog
+x11 none
 
 # support compressed archives
 private-bin bash,bsdcat,bsdcpio,bsdtar,bzip2,compress,gtar,gzip,lbzip2,libarchive,lz4,lzip,lzma,lzop,sh,xz
-- 
cgit v1.2.3-54-g00ecf