Initial adding of memory-deny-write-execute to profiles

- mdwe breaks most vm-based languages so python/java/javascript and some mono programs are not compatible - mdwe also breaks most 3d accelerated programs such as 3d games - mdwe is similar to PaX's mprotect meaning PaX flag managers can be used as reference -- See https://github.com/copperhead/paxd-archive/blob/master/paxd.conf -- See https://github.com/nning/linux-pax-flags
2026-05-21 06:45:29 -06:00 · 2017-07-30 16:56:31 -04:00 · 2017-07-30 16:56:31 -04:00 · b18f42ab02
commit b18f42ab02
parent 0dba38435e
16 changed files with 20 additions and 0 deletions
--- a/etc/bleachbit.profile
+++ b/etc/bleachbit.profile
@ -28,5 +28,6 @@ shell none
 # private-tmp
 # private-etc

+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
--- a/etc/brasero.profile
+++ b/etc/brasero.profile
@ -30,5 +30,6 @@ tracelog
 # private-etc fonts
 # private-tmp

+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
--- a/etc/cvlc.profile
+++ b/etc/cvlc.profile
@ -27,3 +27,5 @@ tracelog
 #private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
 private-dev
 private-tmp
+
+memory-deny-write-execute
--- a/etc/eog.profile
+++ b/etc/eog.profile
@ -33,5 +33,6 @@ private-dev
 private-etc fonts
 private-tmp

+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
--- a/etc/evince.profile
+++ b/etc/evince.profile
@ -32,5 +32,6 @@ private-etc fonts
 # evince needs access to /tmp/mozilla* to work in firefox
 # private-tmp

+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
--- a/etc/file-roller.profile
+++ b/etc/file-roller.profile
@ -29,5 +29,6 @@ tracelog
 private-dev
 # private-etc fonts

+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
--- a/etc/gnome-calculator.profile
+++ b/etc/gnome-calculator.profile
@ -37,5 +37,6 @@ private-dev
 private-tmp
 disable-mnt

+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
--- a/etc/keepassxc.profile
+++ b/etc/keepassxc.profile
@ -33,5 +33,6 @@ private-dev
 private-etc fonts,ld.so.cache
 private-tmp

+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
--- a/etc/less.profile
+++ b/etc/less.profile
@ -21,5 +21,6 @@ blacklist /tmp/.X11-unix

 private-dev

+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
--- a/etc/mumble.profile
+++ b/etc/mumble.profile
@ -35,5 +35,6 @@ private-bin mumble
 private-tmp
 disable-mnt

+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
--- a/etc/peek.profile
+++ b/etc/peek.profile
@ -28,5 +28,6 @@ shell none
 private-dev
 private-tmp

+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
--- a/etc/ssh.profile
+++ b/etc/ssh.profile
@ -31,5 +31,6 @@ tracelog
 private-dev
 #private-tmp #Breaks when exiting

+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp
--- a/etc/strings.profile
+++ b/etc/strings.profile
@ -18,3 +18,5 @@ shell none
 tracelog
 private-dev
 blacklist /tmp/.X11-unix
+
+memory-deny-write-execute
--- a/etc/transmission-cli.profile
+++ b/etc/transmission-cli.profile
@ -28,3 +28,5 @@ tracelog
 private-tmp
 private-dev
 private-etc none
+
+memory-deny-write-execute
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@ -34,3 +34,5 @@ tracelog
 private-bin transmission-gtk
 private-dev
 private-tmp
+
+memory-deny-write-execute
--- a/etc/vlc.profile
+++ b/etc/vlc.profile
@ -27,5 +27,6 @@ private-bin vlc,cvlc,nvlc,rvlc,qvlc,svlc
 private-dev
 private-tmp

+memory-deny-write-execute
 noexec ${HOME}
 noexec /tmp