Skip to content

Commit

Permalink
mocp: hardening (#6017)
Browse files Browse the repository at this point in the history
  • Loading branch information
@glitsj16
glitsj16 authored Sep 23, 2023
1 parent 5de32c1 commit 9690ce7
Showing 1 changed file with 13 additions and 2 deletions.
15 changes: 13 additions & 2 deletions etc/profile-m-z/mocp.profile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,15 +10,24 @@ include globals.local
noblacklist ${HOME}/.moc
noblacklist ${MUSIC}

blacklist /tmp/.X11-unix
blacklist ${RUNUSER}/wayland-*

include disable-common.inc
include disable-devel.inc
include disable-exec.inc
include disable-interpreters.inc
include disable-proc.inc
include disable-programs.inc
include disable-xdg.inc

include whitelist-usr-share-common.inc
mkdir ${HOME}/.moc
whitelist ${HOME}/.moc
whitelist ${MUSIC}
include whitelist-common.inc
include whitelist-run-common.inc
include whitelist-runuser-common.inc
include whitelist-usr-share-common.inc
include whitelist-var-common.inc

apparmor
Expand All @@ -30,12 +39,14 @@ nodvd
nogroups
noinput
nonewprivs
noprinters
noroot
notv
nou2f
novideo
protocol unix,inet,inet6,netlink
protocol unix,inet,inet6
seccomp
seccomp.block-secondary
tracelog

private-bin mocp
Expand Down

0 comments on commit 9690ce7

Please sign in to comment.