From 23f6bb9e2f3e6cc45f08205da2e1f1a7e35bc2ab Mon Sep 17 00:00:00 2001
From: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Date: Thu, 9 Sep 2021 17:06:23 +0200
Subject: Create disable-proc.inc

---
 etc/inc/disable-proc.inc       | 79 ++++++++++++++++++++++++++++++++++++++++++
 etc/templates/profile.template |  1 +
 2 files changed, 80 insertions(+)
 create mode 100644 etc/inc/disable-proc.inc

(limited to 'etc')

diff --git a/etc/inc/disable-proc.inc b/etc/inc/disable-proc.inc
new file mode 100644
index 000000000..8bc9f03c5
--- /dev/null
+++ b/etc/inc/disable-proc.inc
@@ -0,0 +1,79 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include disable-proc.local
+
+blacklist /proc/acpi
+blacklist /proc/asound
+blacklist /proc/bootconfig
+blacklist /proc/buddyinfo
+blacklist /proc/cgroups
+blacklist /proc/cmdline
+blacklist /proc/config.gz
+blacklist /proc/consoles
+#blacklist /proc/cpuinfo
+blacklist /proc/crypto
+blacklist /proc/devices
+blacklist /proc/diskstats
+blacklist /proc/dma
+blacklist /proc/driver
+blacklist /proc/dynamic_debug
+blacklist /proc/execdomains
+blacklist /proc/fb
+blacklist /proc/filesystems
+blacklist /proc/fs
+blacklist /proc/i8k
+blacklist /proc/interrupts
+blacklist /proc/iomem
+blacklist /proc/ioports
+blacklist /proc/irq
+blacklist /proc/kallsyms
+blacklist /proc/kcore
+blacklist /proc/keys
+blacklist /proc/key-users
+blacklist /proc/kmsg
+blacklist /proc/kpagecgroup
+blacklist /proc/kpagecount
+blacklist /proc/kpageflags
+blacklist /proc/latency_stats
+blacklist /proc/loadavg
+blacklist /proc/locks
+blacklist /proc/mdstat
+#blacklist /proc/meminfo
+blacklist /proc/misc
+blacklist /proc/modules
+#blacklist /proc/mounts
+blacklist /proc/mtrr
+#blacklist /proc/net
+blacklist /proc/partitions
+blacklist /proc/pressure
+blacklist /proc/sched_debug
+blacklist /proc/schedstat
+blacklist /proc/scsi
+#blacklist /proc/self
+blacklist /proc/slabinfo
+blacklist /proc/softirqs
+blacklist /proc/spl
+blacklist /proc/stat
+blacklist /proc/swaps
+#blacklist /proc/sys
+blacklist /proc/sysrq-trigger
+blacklist /proc/sysvipc
+#blacklist /proc/thread-self
+blacklist /proc/timer_list
+blacklist /proc/tty
+blacklist /proc/uptime
+blacklist /proc/version
+blacklist /proc/version_signature
+blacklist /proc/vmallocinfo
+blacklist /proc/vmstat
+blacklist /proc/zoneinfo
+
+blacklist /proc/sys/abi
+blacklist /proc/sys/crypto
+blacklist /proc/sys/debug
+#blacklist /proc/sys/dev
+#blacklist /proc/sys/fs
+#blacklist /proc/sys/kernel
+#blacklist /proc/sys/net
+blacklist /proc/sys/user
+#blacklist /proc/sys/vm
diff --git a/etc/templates/profile.template b/etc/templates/profile.template
index e580a0c0c..049a41328 100644
--- a/etc/templates/profile.template
+++ b/etc/templates/profile.template
@@ -116,6 +116,7 @@ include globals.local
 #include disable-devel.inc
 #include disable-exec.inc
 #include disable-interpreters.inc
+#include disable-proc.inc
 #include disable-programs.inc
 #include disable-shell.inc
 #include disable-write-mnt.inc
-- 
cgit v1.2.3-54-g00ecf


From bf99956810e979fc2944db046b802d97b4584f26 Mon Sep 17 00:00:00 2001
From: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Date: Fri, 10 Sep 2021 18:59:26 +0200
Subject: Update disable-proc.inc

---
 etc/inc/disable-proc.inc | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

(limited to 'etc')

diff --git a/etc/inc/disable-proc.inc b/etc/inc/disable-proc.inc
index 8bc9f03c5..ce13fde3a 100644
--- a/etc/inc/disable-proc.inc
+++ b/etc/inc/disable-proc.inc
@@ -15,11 +15,11 @@ blacklist /proc/crypto
 blacklist /proc/devices
 blacklist /proc/diskstats
 blacklist /proc/dma
-blacklist /proc/driver
+#blacklist /proc/driver
 blacklist /proc/dynamic_debug
 blacklist /proc/execdomains
 blacklist /proc/fb
-blacklist /proc/filesystems
+#blacklist /proc/filesystems
 blacklist /proc/fs
 blacklist /proc/i8k
 blacklist /proc/interrupts
@@ -35,12 +35,12 @@ blacklist /proc/kpagecgroup
 blacklist /proc/kpagecount
 blacklist /proc/kpageflags
 blacklist /proc/latency_stats
-blacklist /proc/loadavg
+#blacklist /proc/loadavg
 blacklist /proc/locks
 blacklist /proc/mdstat
 #blacklist /proc/meminfo
 blacklist /proc/misc
-blacklist /proc/modules
+#blacklist /proc/modules
 #blacklist /proc/mounts
 blacklist /proc/mtrr
 #blacklist /proc/net
@@ -53,7 +53,7 @@ blacklist /proc/scsi
 blacklist /proc/slabinfo
 blacklist /proc/softirqs
 blacklist /proc/spl
-blacklist /proc/stat
+#blacklist /proc/stat
 blacklist /proc/swaps
 #blacklist /proc/sys
 blacklist /proc/sysrq-trigger
@@ -61,12 +61,12 @@ blacklist /proc/sysvipc
 #blacklist /proc/thread-self
 blacklist /proc/timer_list
 blacklist /proc/tty
-blacklist /proc/uptime
-blacklist /proc/version
+#blacklist /proc/uptime
+#blacklist /proc/version
 blacklist /proc/version_signature
 blacklist /proc/vmallocinfo
-blacklist /proc/vmstat
-blacklist /proc/zoneinfo
+#blacklist /proc/vmstat
+#blacklist /proc/zoneinfo
 
 blacklist /proc/sys/abi
 blacklist /proc/sys/crypto
-- 
cgit v1.2.3-54-g00ecf


From dd2a6c54afb6669a6a9a5d3be29ebb02151eb353 Mon Sep 17 00:00:00 2001
From: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
Date: Sat, 9 Oct 2021 12:44:59 +0200
Subject: Update disable-proc.inc

---
 etc/inc/disable-proc.inc | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'etc')

diff --git a/etc/inc/disable-proc.inc b/etc/inc/disable-proc.inc
index ce13fde3a..81a8883f3 100644
--- a/etc/inc/disable-proc.inc
+++ b/etc/inc/disable-proc.inc
@@ -71,9 +71,12 @@ blacklist /proc/vmallocinfo
 blacklist /proc/sys/abi
 blacklist /proc/sys/crypto
 blacklist /proc/sys/debug
-#blacklist /proc/sys/dev
-#blacklist /proc/sys/fs
-#blacklist /proc/sys/kernel
-#blacklist /proc/sys/net
+blacklist /proc/sys/dev
+blacklist /proc/sys/fs
+blacklist /proc/sys/net
 blacklist /proc/sys/user
-#blacklist /proc/sys/vm
+blacklist /proc/sys/vm
+
+noblacklist /proc/sys/kernel/osrelease
+noblacklist /proc/sys/kernel/yama
+blacklist /proc/sys/*/*
-- 
cgit v1.2.3-54-g00ecf