From b18f42ab0236de7eed5888f43ba36cdaf990cbca Mon Sep 17 00:00:00 2001
From: Tad
Date: Sun, 30 Jul 2017 16:56:31 -0400
Subject: [PATCH] Initial adding of memory-deny-write-execute to profiles
- mdwe breaks most vm-based languages so python/java/javascript and some mono programs are not compatible
- mdwe also breaks most 3d accelerated programs such as 3d games
- mdwe is similar to PaX's mprotect meaning PaX flag managers can be used as reference
-- See https://github.com/copperhead/paxd-archive/blob/master/paxd.conf
-- See https://github.com/nning/linux-pax-flags
---
 etc/bleachbit.profile | 1 +
 etc/brasero.profile | 1 +
 etc/cvlc.profile | 2 ++
 etc/eog.profile | 1 +
 etc/evince.profile | 1 +
 etc/file-roller.profile | 1 +
 etc/gnome-calculator.profile | 1 +
 etc/keepassxc.profile | 1 +
 etc/less.profile | 1 +
 etc/mumble.profile | 1 +
 etc/peek.profile | 1 +
 etc/ssh.profile | 1 +
 etc/strings.profile | 2 ++
 etc/transmission-cli.profile | 2 ++
 etc/transmission-gtk.profile | 2 ++
 etc/vlc.profile | 1 +
 16 files changed, 20 insertions(+)
diff --git a/etc/bleachbit.profile b/etc/bleachbit.profile
index 9d8ec1733..5cc025a4a 100644
--- a/etc/bleachbit.profile
+++ b/etc/bleachbit.profile
@@ -28,5 +28,6 @@ shell none
 # private-tmp
 # private-etc
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
diff --git a/etc/brasero.profile b/etc/brasero.profile
index 1d6856b73..cafb9f39a 100644
--- a/etc/brasero.profile
+++ b/etc/brasero.profile
@@ -30,5 +30,6 @@ tracelog
 # private-etc fonts
 # private-tmp
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
diff --git a/etc/cvlc.profile b/etc/cvlc.profile
index a52d62f83..921d505a9 100644
--- a/etc/cvlc.profile
+++ b/etc/cvlc.profile
@@ -27,3 +27,5 @@ tracelog
 #private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
 private-dev
 private-tmp
+
+memory-deny-write-execute
diff --git a/etc/eog.profile b/etc/eog.profile
index 7c21b241e..aa986e7d7 100644
--- a/etc/eog.profile
+++ b/etc/eog.profile
@@ -33,5 +33,6 @@ private-dev
 private-etc fonts
 private-tmp
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
diff --git a/etc/evince.profile b/etc/evince.profile
index 2173c7422..ee637c607 100644
--- a/etc/evince.profile
+++ b/etc/evince.profile
@@ -32,5 +32,6 @@ private-etc fonts
 # evince needs access to /tmp/mozilla* to work in firefox
 # private-tmp
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
diff --git a/etc/file-roller.profile b/etc/file-roller.profile
index 920a60159..7cbfc4edb 100644
--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@@ -29,5 +29,6 @@ tracelog
 private-dev
 # private-etc fonts
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
diff --git a/etc/gnome-calculator.profile b/etc/gnome-calculator.profile
index 90749be8c..40328e5c3 100644
--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@@ -37,5 +37,6 @@ private-dev
 private-tmp
 disable-mnt
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
diff --git a/etc/keepassxc.profile b/etc/keepassxc.profile
index 4e4c305f0..719cf1dec 100644
--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@@ -33,5 +33,6 @@ private-dev
 private-etc fonts,ld.so.cache
 private-tmp
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
diff --git a/etc/less.profile b/etc/less.profile
index 9d4eb3fcf..f8c26879e 100644
--- a/etc/less.profile
+++ b/etc/less.profile
@@ -21,5 +21,6 @@ blacklist /tmp/.X11-unix
 private-dev
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
diff --git a/etc/mumble.profile b/etc/mumble.profile
index 7303ac65a..a2104957d 100644
--- a/etc/mumble.profile
+++ b/etc/mumble.profile
@@ -35,5 +35,6 @@ private-bin mumble
 private-tmp
 disable-mnt
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
diff --git a/etc/peek.profile b/etc/peek.profile
index cf60452d3..c2dd5c010 100644
--- a/etc/peek.profile
+++ b/etc/peek.profile
@@ -28,5 +28,6 @@ shell none
 private-dev
 private-tmp
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
diff --git a/etc/ssh.profile b/etc/ssh.profile
index e592841a1..466abdc88 100644
--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@@ -31,5 +31,6 @@ tracelog
 private-dev
 #private-tmp #Breaks when exiting
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
diff --git a/etc/strings.profile b/etc/strings.profile
index af49feb04..a83e3a801 100644
--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -18,3 +18,5 @@ shell none
 tracelog
 private-dev
 blacklist /tmp/.X11-unix
+
+memory-deny-write-execute
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile
index 0502bbfb4..5b7e6e7c8 100644
--- a/etc/transmission-cli.profile
+++ b/etc/transmission-cli.profile
@@ -28,3 +28,5 @@ tracelog
 private-tmp
 private-dev
 private-etc none
+
+memory-deny-write-execute
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index 84d01179c..7f85aa69c 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -34,3 +34,5 @@ tracelog
 private-bin transmission-gtk
 private-dev
 private-tmp
+
+memory-deny-write-execute
diff --git a/etc/vlc.profile b/etc/vlc.profile
index b36e844ff..34f4aa5ff 100644
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@@ -27,5 +27,6 @@ private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
 private-dev
 private-tmp
+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
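Review bot: The new `memory-deny-write-execute` line in bleachbit.profile conflicts with the commit message's own caveat that the option is incompatible with Python programs, since BleachBit is a Python/GTK application. Unless a full run (start, scan, clean) was verified with the option active, the sandboxed program is likely to fail in a way the user will not easily attribute to this profile line. If it was verified, record that above the line, e.g. `# memory-deny-write-execute verified with BleachBit <version>` (version to be filled in); otherwise leave it commented out like the `# private-tmp` and `# private-etc` lines already in this hunk. The remaining hunks in this patch appear to target natively compiled programs, so the Python concern is specific to this file.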
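Review bot: The commit message warns that the option breaks 3D-accelerated programs, and VLC (cvlc here and vlc.profile in the last hunk of the patch) offers OpenGL-based video output modules, so playback through such an output should be checked with the option active before this lands. None of the sixteen hunks carries a comment, so a user whose player later shows a black window or fails to start has nothing in the profile pointing at this line as the one to comment out; a short note above it, such as `# memory-deny-write-execute: breaks JIT runtimes and some GL-accelerated output, comment out if the program fails to start`, would make the trade-off visible where it is needed. The same documentation point applies to every other hunk in the patch.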