From bc8d91400256b6d0739c50097f1564d1598310a4 Mon Sep 17 00:00:00 2001
From: jc_gargma <jc_gargma@iserlohn-fortress.net>
Date: Wed, 23 Jun 2021 01:14:34 -0700
Subject: Add kristall profile Update amfora profile

---
 profiles/amfora.profile | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

(limited to 'profiles/amfora.profile')

diff --git a/profiles/amfora.profile b/profiles/amfora.profile
index d4d6fa8..fcbeb82 100644
--- a/profiles/amfora.profile
+++ b/profiles/amfora.profile
@@ -13,14 +13,6 @@ noblacklist ${HOME}/.local/share/amfora
 blacklist /tmp/.X11-unix
 blacklist ${RUNUSER}/wayland-*
 
-mkdir ${HOME}/.config/amfora
-whitelist ${HOME}/.config/amfora
-mkdir ${HOME}/.local/share/amfora
-whitelist ${HOME}/.local/share/amfora
-
-
-include allow-perl.inc
-
 include disable-common.inc
 include disable-devel.inc
 include disable-interpreters.inc
@@ -28,9 +20,15 @@ include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.config/amfora
+mkdir ${HOME}/.local/share/amfora
+
+whitelist ${HOME}/.config/amfora
+whitelist ${HOME}/.local/share/amfora
 include whitelist-runuser-common.inc
 
 caps.drop all
+machine-id
 netfilter
 no3d
 nodvd
@@ -46,11 +44,18 @@ seccomp
 shell none
 tracelog
 
+disable-mnt
 private-bin amfora
 private-cache
 private-dev
-private-etc alternatives,ca-certificates,crypto-policies,pki,resolv.conf,ssl
+private-etc ca-certificates,resolv.conf,ssl
 private-tmp
 
+dbus-user none
+dbus-system none
+
+noexec ${HOME}
+noexec /tmp
+
 # # Use with hardened-malloc package
 env LD_PRELOAD=/usr/lib/libhardened_malloc.so
-- 
cgit v1.2.1