## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

#include <tunables/global>

profile bootclockrandomization /usr/share/bootclockrandomization/* flags=(attach_disconnected) {
  #include <abstractions/base>
  #include <abstractions/bash>

  capability sys_time,

  /bin/bash rix,
  /bin/date mrix,
  /bin/rm mrix,
  /bin/touch mrix,

  /usr/bin/bash rix,
  /usr/bin/date mrix,
  /usr/bin/rm mrix,
  /usr/bin/touch mrix,

  /usr/bin/id mrix,
  /usr/bin/od mrix,
  /usr/bin/shuf mrix,

  owner /etc/nsswitch.conf r,
  owner /etc/passwd r,

  owner /run/bootclockrandomization/{fail,success} w,
  owner /usr/share/bootclockrandomization/* r,

  /dev/tty rw,

  #include <local/bootclockrandomization>
}
