diff options
| author | Andinus <andinus@nand.sh> | 2020-06-10 17:29:45 +0530 |
|---|---|---|
| committer | Andinus <andinus@nand.sh> | 2020-06-10 17:29:45 +0530 |
| commit | fcd6004951ff78735e3b428be0b69ff915b951cd (patch) | |
| tree | 8d0d62fcf41983bf767814ffedd58cd7b38926c9 | |
| parent | 0ff1f3d221ad52608ccfeb0e470b196a23395823 (diff) | |
| download | ara-fcd6004951ff78735e3b428be0b69ff915b951cd.tar.gz | |
Better unveil list
While not perfect this is a lot better than the old list.
| -rwxr-xr-x | ara.pl | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/ara.pl b/ara.pl index 4f5170a..a351eb6 100755 --- a/ara.pl +++ b/ara.pl @@ -43,9 +43,10 @@ die "Can't use --local and --latest together\n" # %unveil contains list of paths to unveil with their permissions. my %unveil = ( - "/" => "rx", # Unveil "/", remove this later after profiling with - # ktrace. - "/home" => "", # Veil "/home", we don't want to read it. + "/usr" => "rx", + "/var" => "rx", + "/etc" => "rx", + "/dev" => "rx", "/tmp" => "rwc", "/dev/null" => "rw", ); |