Skip to content

Commit

Permalink
profiles: hexchat: allow lua/downloads and harden
Browse files Browse the repository at this point in the history 
Allow more paths and add some extra options to harden the profile.

We allow Perl but keep it out of private-bin. Do the same for Lua and
clarify in the private-bin comment how to enable these interpreters.

Consulted resources:

- https://github.com/hexchat/hexchat/
- https://hexchat.readthedocs.io/
  • Loading branch information
@glitsj16 @kmk3
glitsj16 authored and kmk3 committed May 7, 2024
1 parent 5307327 commit 7c573d7
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion etc/profile-a-l/hexchat.profile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,9 @@ noblacklist ${HOME}/.config/hexchat
# Allow /bin/sh (blacklisted by disable-shell.inc)
include allow-bin-sh.inc

# Allow lua (blacklisted by disable-interpreters.inc)
include allow-lua.inc

# Allow perl (blacklisted by disable-interpreters.inc)
include allow-perl.inc

Expand Down Expand Up @@ -52,10 +55,12 @@ nou2f
novideo
protocol unix,inet,inet6
seccomp
seccomp.block-secondary
tracelog

disable-mnt
# debug note: private-bin requires perl, python, etc on some systems
# If you need Lua and/or Perl support, add the relevant binaries from
# allow-lua.inc/allow-perl.inc to private-bin in your hexchat.local.
private-bin hexchat,python*,sh
private-dev
#private-lib # python problems
Expand Down

0 comments on commit 7c573d7

Please sign in to comment.