Add a profile for ZAProxy

author: Tad <tad@spotco.us> 2017-10-10 12:39:26 -0400
committer: Tad <tad@spotco.us> 2017-10-10 12:39:26 -0400
commit: 9627229b6ffe1566ffd26f9d3a8be2938784cc21 (patch)
tree: a08f0866e11f07fe239982957d5e03250a2b57e6
parent: private-lib (diff)
download: firejail-9627229b6ffe1566ffd26f9d3a8be2938784cc21.tar.gz
firejail-9627229b6ffe1566ffd26f9d3a8be2938784cc21.tar.zst
firejail-9627229b6ffe1566ffd26f9d3a8be2938784cc21.zip
4 files changed, 46 insertions, 1 deletions
diff --git a/README.md b/README.md
index 578ae10e9..549d3fdc4 100644
--- a/README.md
+++ b/README.md
@@ -181,4 +181,4 @@ calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-e
 imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron,
 ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart,
 conky, arch-audit, ffmpeg, bluefish, cliqz, cinelerra, openshot-qt, pinta, uefitool,
-aosp, pdfmod, gnome-ring, signal-dekstop, xcalc
+aosp, pdfmod, gnome-ring, signal-dekstop, xcalc, zaproxy
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 064e60294..0e5400dd6 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -20,6 +20,7 @@ blacklist ${HOME}/.TelegramDesktop
 blacklist ${HOME}/.ViberPC
 blacklist ${HOME}/.VirtualBox
 blacklist ${HOME}/.Wolfram Research
+blacklist ${HOME}/.ZAP
 blacklist ${HOME}/.aMule
 blacklist ${HOME}/.android
 blacklist ${HOME}/.arduino15
diff --git a/etc/zaproxy.profile b/etc/zaproxy.profile
new file mode 100644
index 000000000..3cce79a2e
--- /dev/null
+++ b/etc/zaproxy.profile
@@ -0,0 +1,42 @@
+# Firejail profile for zaproxy
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/zaproxy.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.ZAP
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+mkdir ${HOME}/.ZAP
+whitelist ${HOME}/.java
+whitelist ${HOME}/.ZAP
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 3d7d23fe7..600bd8841 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -286,6 +286,7 @@ sdat2img
 seamonkey
 seamonkey-bin
 shotcut
+signal-desktop
 silentarmy
 simple-scan
 simutrans
@@ -365,6 +366,7 @@ xreader
 xviewer
 yandex-browser
 youtube-dl
+zaproxy
 zart
 zathura
 zoom
author	Tad <tad@spotco.us>	2017-10-10 12:39:26 -0400
committer	Tad <tad@spotco.us>	2017-10-10 12:39:26 -0400
commit	9627229b6ffe1566ffd26f9d3a8be2938784cc21 (patch)
tree	a08f0866e11f07fe239982957d5e03250a2b57e6
parent	private-lib (diff)
download	firejail-9627229b6ffe1566ffd26f9d3a8be2938784cc21.tar.gz firejail-9627229b6ffe1566ffd26f9d3a8be2938784cc21.tar.zst firejail-9627229b6ffe1566ffd26f9d3a8be2938784cc21.zip

diff --git a/README.md b/README.md index 578ae10e9..549d3fdc4 100644 --- a/README.md +++ b/README.md
@@ -181,4 +181,4 @@ calligrawords, cin, dooble, dooble-qt4, fetchmail, freecad, freecadcmd, google-e
181	imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron,	181	imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natron,
182	ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart,	182	ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart,
183	conky, arch-audit, ffmpeg, bluefish, cliqz, cinelerra, openshot-qt, pinta, uefitool,	183	conky, arch-audit, ffmpeg, bluefish, cliqz, cinelerra, openshot-qt, pinta, uefitool,
184	aosp, pdfmod, gnome-ring, signal-dekstop, xcalc	184	aosp, pdfmod, gnome-ring, signal-dekstop, xcalc, zaproxy


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 064e60294..0e5400dd6 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -20,6 +20,7 @@ blacklist ${HOME}/.TelegramDesktop
20	blacklist ${HOME}/.ViberPC	20	blacklist ${HOME}/.ViberPC
21	blacklist ${HOME}/.VirtualBox	21	blacklist ${HOME}/.VirtualBox
22	blacklist ${HOME}/.Wolfram Research	22	blacklist ${HOME}/.Wolfram Research
		23	blacklist ${HOME}/.ZAP
23	blacklist ${HOME}/.aMule	24	blacklist ${HOME}/.aMule
24	blacklist ${HOME}/.android	25	blacklist ${HOME}/.android
25	blacklist ${HOME}/.arduino15	26	blacklist ${HOME}/.arduino15


diff --git a/etc/zaproxy.profile b/etc/zaproxy.profile new file mode 100644 index 000000000..3cce79a2e --- /dev/null +++ b/etc/zaproxy.profile
@@ -0,0 +1,42 @@
		1	# Firejail profile for zaproxy
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include /etc/firejail/zaproxy.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
		7
		8	noblacklist ${HOME}/.java
		9	noblacklist ${HOME}/.ZAP
		10
		11	include /etc/firejail/disable-common.inc
		12	include /etc/firejail/disable-devel.inc
		13	include /etc/firejail/disable-passwdmgr.inc
		14	include /etc/firejail/disable-programs.inc
		15
		16	mkdir ${HOME}/.ZAP
		17	whitelist ${HOME}/.java
		18	whitelist ${HOME}/.ZAP
		19	include /etc/firejail/whitelist-common.inc
		20	include /etc/firejail/whitelist-var-common.inc
		21
		22	caps.drop all
		23	ipc-namespace
		24	netfilter
		25	no3d
		26	nodvd
		27	nogroups
		28	nonewprivs
		29	noroot
		30	nosound
		31	notv
		32	novideo
		33	protocol unix,inet,inet6
		34	seccomp
		35	shell none
		36
		37	disable-mnt
		38	private-dev
		39	private-tmp
		40
		41	noexec ${HOME}
		42	noexec /tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 3d7d23fe7..600bd8841 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -286,6 +286,7 @@ sdat2img
286	seamonkey	286	seamonkey
287	seamonkey-bin	287	seamonkey-bin
288	shotcut	288	shotcut
		289	signal-desktop
289	silentarmy	290	silentarmy
290	simple-scan	291	simple-scan
291	simutrans	292	simutrans
@@ -365,6 +366,7 @@ xreader
365	xviewer	366	xviewer
366	yandex-browser	367	yandex-browser
367	youtube-dl	368	youtube-dl
		369	zaproxy
368	zart	370	zart
369	zathura	371	zathura
370	zoom	372	zoom