Diffstat (limited to 'profiles/amfora.profile')
-rw-r--r--profiles/amfora.profile23
1 files changed, 14 insertions, 9 deletions
diff --git a/profiles/amfora.profile b/profiles/amfora.profile
index d4d6fa8..fcbeb82 100644
--- a/profiles/amfora.profile
+++ b/profiles/amfora.profile
@@ -13,14 +13,6 @@ noblacklist ${HOME}/.local/share/amfora
blacklist /tmp/.X11-unix
blacklist ${RUNUSER}/wayland-*
-mkdir ${HOME}/.config/amfora
-whitelist ${HOME}/.config/amfora
-mkdir ${HOME}/.local/share/amfora
-whitelist ${HOME}/.local/share/amfora
-
-
-include allow-perl.inc
-
include disable-common.inc
include disable-devel.inc
include disable-interpreters.inc
@@ -28,9 +20,15 @@ include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc
+mkdir ${HOME}/.config/amfora
+mkdir ${HOME}/.local/share/amfora
+
+whitelist ${HOME}/.config/amfora
+whitelist ${HOME}/.local/share/amfora
include whitelist-runuser-common.inc
caps.drop all
+machine-id
netfilter
no3d
nodvd
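Review bot: The two `whitelist` lines added here leave the rest of `${HOME}` on a temporary filesystem that is thrown away when the sandbox exits, and the hunk whitelists no location for saved files. If amfora writes downloads under the home directory (not visible from this profile, so worth confirming), they would be lost without any warning. Adding `whitelist ${DOWNLOADS}` next to the other two entries would keep a single persistent, still-`noexec` location. A short comment above the `mkdir` lines noting that they must come before the matching `whitelist` lines would also explain the ordering.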
@@ -46,11 +44,18 @@ seccomp
shell none
tracelog
+disable-mnt
private-bin amfora
private-cache
private-dev
-private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl
+private-etc ca-certificates,resolv.conf,ssl
private-tmp
+dbus-user none
+dbus-system none
+
+noexec ${HOME}
+noexec /tmp
+
# # Use with hardened-malloc package
env LD_PRELOAD=/usr/lib/libhardened_malloc.so
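Review bot: The trimmed `private-etc` list drops `pki` and `crypto-policies`, which is likely to leave the sandbox without a usable CA store on Fedora/RHEL-style systems, where `/etc/ssl/certs` normally resolves into `/etc/pki`. Certificate validation would then fail closed, and users tend to work around that by running the program unsandboxed. Unless this profile is meant for a single distribution, keep those entries: `private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl`. Dropping `alternatives` looks fine for a `private-bin amfora` setup.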