## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

#include <tunables/global>

profile bootclockrandomization /usr/bin/bootclockrandomization flags=(attach_disconnected) {
  #include <abstractions/base>
  #include <abstractions/bash>

  /usr/bin/bootclockrandomization r,

  capability sys_time,

  /bin/bash rix,
  /bin/date mrix,
  /bin/rm mrix,
  /bin/touch mrix,

  /usr/bin/bash rix,
  /usr/bin/date mrix,
  /usr/bin/rm mrix,
  /usr/bin/touch mrix,

  /usr/bin/id mrix,
  /usr/bin/od mrix,
  /usr/bin/shuf mrix,

  /usr/libexec/helper-scripts/check_runtime.bsh r,

  owner /etc/nsswitch.conf r,
  owner /etc/passwd r,

  /dev/tty rw,

  #include <local/bootclockrandomization>
}
