New profile: singularity (Endgame: Singularity) #6463
Disabled more things in the profile. Does it still work with the changes?
This is a small Python game that does not need any networking or even external access. I already thought what I did was already a bit overkill as my initial profile for this was even smaller. There is simply no attack surface to justify additional effort in my opinion.
This idea seems backwards. Why give a program more access than it needs, especially if the standard
What would be the additional effort? I mostly just added the rest of the Again, do the changes cause any breakage?
I do not have any more motivation to test the new directives. I'd prefer to stick to the things I already tested.
a517517 to b463983
All in, thanks!
By the way, I did briefly test the profile with the hardening changes a while
Commands used to check for issues:

    $ git ls-files 'etc/profile-a-l/' | grep 'etc/profile-a-l/[m-z]'
    etc/profile-a-l/singularity.profile
    $ git ls-files 'etc/profile-m-z/' | grep 'etc/profile-a-l/[a-l]'
    $

Command used to fix the path:

    $ git mv \
        etc/profile-a-l/singularity.profile \
        etc/profile-m-z/singularity.profile

Relates to #6463.
Tested it myself of course. This is a small, Python-based game which needs no network access and is generally quite frugal in terms of resources.
I would deem it fine if this is added to firecfg, as there are few to no configurable options and it will work out of the box.