misc fixes

remove netfilter from profiles with net none allow Viber to use dig, dig is in its private-bin, so I assume that it need it. blacklist resolvectl which can also be used for dns lookups
netblue30 · Mar 19, 2020 · 4442aac · 4442aac
1 parent 3539a02
commit 4442aac
Show file tree

Hide file tree

Showing 16 changed files with 4 additions and 15 deletions.
diff --git a/etc/2048-qt.profile b/etc/2048-qt.profile
@@ -26,7 +26,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-netfilter
 nodvd
 nogroups
 nonewprivs

diff --git a/etc/Viber.profile b/etc/Viber.profile
@@ -6,6 +6,7 @@ include Viber.local
 include globals.local
 
 noblacklist ${HOME}/.ViberPC
+noblacklist ${PATH}/dig
 
 include disable-common.inc
 include disable-devel.inc

diff --git a/etc/atool.profile b/etc/atool.profile
@@ -25,7 +25,6 @@ hostname atool
 ipc-namespace
 machine-id
 net none
-netfilter
 no3d
 nodvd
 nodbus

diff --git a/etc/dia.profile b/etc/dia.profile
@@ -18,6 +18,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
+
 include whitelist-var-common.inc
 
 apparmor

diff --git a/etc/disable-common.inc b/etc/disable-common.inc
@@ -481,6 +481,4 @@ blacklist ${PATH}/dnswalk
 blacklist ${PATH}/dns2tcp
 blacklist ${PATH}/iodine
 blacklist ${PATH}/knsupdate
-
-
-
+blacklist ${PATH}/resolvectl
diff --git a/etc/fbreader.profile b/etc/fbreader.profile
@@ -22,7 +22,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-netfilter
 nodvd
 nonewprivs
 noroot

diff --git a/etc/handbrake.profile b/etc/handbrake.profile
@@ -23,7 +23,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-netfilter
 nodbus
 nogroups
 nonewprivs

diff --git a/etc/leafpad.profile b/etc/leafpad.profile
@@ -20,7 +20,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-netfilter
 no3d
 nodvd
 nogroups

diff --git a/etc/lximage-qt.profile b/etc/lximage-qt.profile
@@ -19,7 +19,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-netfilter
 no3d
 nodvd
 nogroups

diff --git a/etc/mousepad.profile b/etc/mousepad.profile
@@ -20,7 +20,6 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 net none
-netfilter
 nodvd
 nogroups
 nonewprivs

diff --git a/etc/openclonk.profile b/etc/openclonk.profile
@@ -25,6 +25,7 @@ apparmor
 caps.drop all
 ipc-namespace
 # net none - networked game
+netfilter
 nodbus
 nodvd
 nogroups

diff --git a/etc/openttd.profile b/etc/openttd.profile
@@ -25,7 +25,6 @@ apparmor
 caps.drop all
 ipc-namespace
 net none
-netfilter
 nodbus
 nodvd
 nogroups

diff --git a/etc/ppsspp.profile b/etc/ppsspp.profile
@@ -21,7 +21,6 @@ include whitelist-var-common.inc
 
 caps.drop all
 ipc-namespace
-netfilter
 net none
 nodbus
 nodvd

diff --git a/etc/terasology.profile b/etc/terasology.profile
@@ -28,7 +28,6 @@ include whitelist-common.inc
 caps.drop all
 ipc-namespace
 net none
-netfilter
 nodbus
 nodvd
 nogroups

diff --git a/etc/x-terminal-emulator.profile b/etc/x-terminal-emulator.profile
@@ -8,7 +8,6 @@ include globals.local
 caps.drop all
 ipc-namespace
 net none
-netfilter
 nodbus
 nogroups
 noroot

diff --git a/etc/xcalc.profile b/etc/xcalc.profile
@@ -17,7 +17,6 @@ include whitelist-var-common.inc
 
 caps.drop all
 net none
-netfilter
 no3d
 nodbus
 nodvd