From 9d8afb4590cfb85e0da393dc6640c69243b89b33 Mon Sep 17 00:00:00 2001
From: jc_gargma <jc_gargma@iserlohn-fortress.net>
Date: Thu, 26 Aug 2021 00:26:50 -0700
Subject: Update hg, renpy profiles Add fallout for wine profile

---
 profiles/hg.profile | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

(limited to 'profiles/hg.profile')

diff --git a/profiles/hg.profile b/profiles/hg.profile
index ac5943d..c72365f 100644
--- a/profiles/hg.profile
+++ b/profiles/hg.profile
@@ -17,12 +17,17 @@ noblacklist ${HOME}/.oh-my-zsh
 noblacklist ${HOME}/.vim
 noblacklist ${HOME}/.viminfo
 
+# Allow ssh (blacklisted by disable-common.inc)
+include allow-ssh.inc
+
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+
 include disable-common.inc
+include disable-exec.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
-blacklist /tmp/.X11-unix
-
 whitelist ${HOME}/.config/nano
 whitelist ${HOME}/.emacs
 whitelist ${HOME}/.emacs.d
@@ -40,15 +45,18 @@ whitelist ${HOME}/build
 whitelist ${HOME}/workspace
 
 caps.drop all
+ipc-namespace
 machine-id
 netfilter
 no3d
 nodvd
 nogroups
+noinput
 nonewprivs
 noroot
 nosound
 notv
+nou2f
 novideo
 protocol inet,inet6
 #protocol unix,inet,inet6
@@ -56,4 +64,8 @@ seccomp
 shell none
 
 private-bin hg,python2
+private-cache
 private-dev
+
+memory-deny-write-execute
+
-- 
cgit v1.2.1