more logprof tuning...

diff --git a/home.harvie.Work.bash-offline.sh b/home.harvie.Work.bash-offline.sh
index c2abf33fbc30d32a03a9fc290927aac6366e9cfb..fd16cfd8b6226420597eab99bf487bbb1ee8975d 100644 (file)
--- a/home.harvie.Work.bash-offline.sh
+++ b/home.harvie.Work.bash-offline.sh
@@ -1,6 +1,14 @@
-# Last Modified: Thu Jan 19 09:45:04 2012
-#include <tunables/global>
-
+# Last Modified: Fri Jan 20 21:18:46 2012
 /home/harvie/Work/bash-offline.sh {
-       /** rixwmkl,
+  deny capability chown,
+  deny capability net_raw,
+  deny capability setgid,
+  deny capability setuid,
+  deny capability sys_ptrace,
+  deny capability sys_resource,
+
+
+
+  /** mrwlkix,
+
 }

diff --git a/usr.bin.makepkg b/usr.bin.makepkg
index eddc4c21971c02a801613885497fab885c4f2dd1..5fd9e346d7c1ee6f70267fb002f203eb42307c7a 100644 (file)
--- a/usr.bin.makepkg
+++ b/usr.bin.makepkg
@@ -1,4 +1,4 @@
-# Last Modified: Wed Jan 18 13:58:35 2012
+# Last Modified: Sun Jan 22 20:02:45 2012
 # This profile is made for users that are building
 # AUR packages from untrusted PKGBUILDs often
 
@@ -9,8 +9,10 @@
   #include <abstractions/bash>
   #include <abstractions/consoles>
 
-  /** rix,
-  /etc/** r,
+
+
+  / rix,
+  /** rkix,
   /home/*/.ccache/** rwix,
   /home/*/{Temp,Work/PKGBUILDs}/** rw,
   /tmp/** rwkix,

diff --git a/usr.bin.pidgin b/usr.bin.pidgin
index feef7bfdaad12855a2d2111988d146a5ee59df11..1d52578002108a1abf4c4d6a1d0dadfad1d92674 100644 (file)
--- a/usr.bin.pidgin
+++ b/usr.bin.pidgin
@@ -1,4 +1,4 @@
-# Last Modified: Wed Jan 18 12:29:15 2012
+# Last Modified: Thu Jan 19 19:56:19 2012
 # ------------------------------------------------------------------
 #
 #    Copyright (C) 2002-2005 Novell/SUSE
@@ -37,6 +37,7 @@
   /opt/MozillaFirefox/bin/firefox.sh Px,
   /opt/kde/share/** r,
   /opt/kde3/bin/kde-config mrix,
+  /sys/devices/system/cpu/* r,
   owner /tmp/** rwlk,
   /tmp/** m,
   /usr/X11R6/lib/Acrobat*/Resource/Font/* r,

diff --git a/usr.lib.chromium.chromium b/usr.lib.chromium.chromium
index e1344adcb8b497a52481c4c566090be10dbb746a..fb9bf2382397a71712b81c8b9734e56037ae9a0d 100644 (file)
--- a/usr.lib.chromium.chromium
+++ b/usr.lib.chromium.chromium
@@ -1,11 +1,12 @@
-# Last Modified: Wed Jan 18 18:05:11 2012
+# Last Modified: Fri Jan 20 21:18:46 2012
 # Author: Thomas Mudrunka
 
 #include <tunables/global>
 
-/usr/lib/chromium/chromium {
+/usr/lib/chromium/chromium flags=(complain) {
   #include <abstractions/audio>
   #include <abstractions/base>
+  #include <abstractions/bash>
   #include <abstractions/fonts>
   #include <abstractions/freedesktop.org>
   #include <abstractions/gnome>
@@ -27,15 +28,19 @@
   /bin/ps mrix,
   /dev/shm/* rw,
   /etc/** r,
-  /home/*/* r,
-  /home/*/.adobe/**/ rw,
+  /home/*/* rwk,
+  /home/*/.adobe/** rw,
   /home/*/.cache/chromium/** rw,
   /home/*/.cups/* r,
   /home/*/.icons/** r,
+  /home/*/.local/share/** r,
   /home/*/.macromedia/** rw,
-  /home/*/.mozilla/** r,
+  /home/*/.mozilla/** rwk,
   /home/*/.pki/** rwk,
   /home/*/.themes/** r,
+  /home/*/Desktop/ r,
+  /home/*/Desktop/* rw,
+  /home/*/Downloads/ r,
   /home/*/Downloads/** rw,
   /home/*/Work/GIT/plugins/chrome-extensions/** r,
   /home/*/private/dotfiles/.config/chromium/** mrwk,
@@ -44,10 +49,16 @@
   /proc/ r,
   /proc/** rw,
   /sys/** r,
-  /tmp/* r,
+  owner /tmp/** lk,
+  /tmp/** rw,
+  /usr/bin/gpg mrix,
+  /usr/bin/xdg-open rix,
+  /usr/bin/xdg-settings rix,
   /usr/lib/chromium/chromium rix,
   /usr/lib/chromium/chromium-sandbox rix,
+  /usr/lib/chromium/nacl_helper_bootstrap rix,
   /usr/lib/lib*so* mr,
+  /usr/lib/totem/totem-plugin-viewer rix,
   /var/db/nscd/* r,
   /var/tmp/* rw,