Merge pull request #665 from thomasjfox/unpacker-profiles

Add profiles for tar (gtar), unzip and unrar
author: netblue30 <netblue30@yahoo.com> 2016-07-31 07:50:29 -0400
committer: GitHub <noreply@github.com> 2016-07-31 07:50:29 -0400
commit: 31aef5fe61d713ae1c7d1aad1ffdc07599caccd5 (patch)
tree: d6ffe7865442f6332b92c50ec208e172745c3f5f
parent: Merge pull request #668 from thomasjfox/improve-trace (diff)
parent: Add file.profile (diff)
download: firejail-31aef5fe61d713ae1c7d1aad1ffdc07599caccd5.tar.gz
firejail-31aef5fe61d713ae1c7d1aad1ffdc07599caccd5.tar.zst
firejail-31aef5fe61d713ae1c7d1aad1ffdc07599caccd5.zip
10 files changed, 61 insertions, 0 deletions
diff --git a/Makefile.in b/Makefile.in
index 04e93eec2..2a90a0fdd 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -131,6 +131,7 @@ realinstall:
        install -c -m 0644 .etc/epiphany.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/evince.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/fbreader.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/file.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/filezilla.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/firefox-esr.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/firefox.profile $(DESTDIR)/$(sysconfdir)/firejail/.
@@ -144,6 +145,7 @@ realinstall:
        install -c -m 0644 .etc/google-chrome.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/google-play-music-desktop-player.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/gpredict.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/gtar.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/gthumb.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/gwenview.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/gzip.profile $(DESTDIR)/$(sysconfdir)/firejail/.
@@ -201,6 +203,7 @@ realinstall:
        install -c -m 0644 .etc/steam.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/stellarium.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/strings.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/tar.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/telegram.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/thunderbird.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/totem.profile $(DESTDIR)/$(sysconfdir)/firejail/.
@@ -208,6 +211,8 @@ realinstall:
        install -c -m 0644 .etc/transmission-qt.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/uget-gtk.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/unbound.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/unrar.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/unzip.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/uudeview.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/vivaldi-beta.profile $(DESTDIR)/$(sysconfdir)/firejail/.
        install -c -m 0644 .etc/vivaldi.profile $(DESTDIR)/$(sysconfdir)/firejail/.
diff --git a/README b/README
index dfd101b7e..58503d0c7 100644
--- a/README
+++ b/README
@@ -34,6 +34,8 @@ Peter Hogg (https://github.com/pigmonkey)
 Thomas Jarosch (https://github.com/thomasjfox)
        - disable keepassx in disable-passwdmgr.inc
        - added uudeview profile
+        - added tar (gtar), unzip and unrar profile
+        - added file profile
        - improved profile list
        - fixed small variable glitch in stat64() / lstat64() (libtracelog)
        - added lstat() / lstat64() support to libtrace
diff --git a/README.md b/README.md
index 26dc2c4e3..b186db8db 100644
--- a/README.md
+++ b/README.md
@@ -156,4 +156,5 @@ Browsers: Palemoon
 ## New security profiles
 Gitter, gThumb, mpv, Franz messenger, LibreOffice, pix, audacity, strings, xz, xzdec, gzip, cpio, less, Atom Beta, Atom, jitsi, eom, uudeview
+tar (gtar), unzip, unrar, file
diff --git a/RELNOTES b/RELNOTES
index e37e24778..4d7f67bda 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -16,6 +16,7 @@ firejail (0.9.42~rc2) baseline; urgency=low
  * new profiles: Gitter, gThumb, mpv, Franz messenger, LibreOffice
  * new profiles: pix, audacity, strings, xz, xzdec, gzip, cpio, less
  * new profiles: Atom Beta, Atom, jitsi, eom, uudeview
+  * new profiles: tar (gtar), unzip, unrar, file
 -- netblue30 <netblue30@yahoo.com>  Thu, 21 Jul 2016 08:00:00 -0500
 firejail (0.9.40) baseline; urgency=low
diff --git a/etc/file.profile b/etc/file.profile
new file mode 100644
index 000000000..357576040
--- /dev/null
+++ b/etc/file.profile
@@ -0,0 +1,11 @@
+# file profile
+include /etc/firejail/default.profile
+tracelog
+net none
+shell none
+private-bin file
+private-dev
+private-etc magic.mgc,magic,localtime
+hostname file
+nosound
diff --git a/etc/gtar.profile b/etc/gtar.profile
new file mode 100644
index 000000000..5dbc550f6
--- /dev/null
+++ b/etc/gtar.profile
@@ -0,0 +1 @@
+include /etc/firejail/tar.profile
diff --git a/etc/tar.profile b/etc/tar.profile
new file mode 100644
index 000000000..4ce3e59f0
--- /dev/null
+++ b/etc/tar.profile
@@ -0,0 +1,13 @@
+# tar profile
+include /etc/firejail/default.profile
+tracelog
+net none
+shell none
+# support compressed archives
+private-bin tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop
+private-dev
+private-etc passwd,group,localtime
+hostname tar
+nosound
diff --git a/etc/unrar.profile b/etc/unrar.profile
new file mode 100644
index 000000000..ccd144699
--- /dev/null
+++ b/etc/unrar.profile
@@ -0,0 +1,11 @@
+# unrar profile
+include /etc/firejail/default.profile
+tracelog
+net none
+shell none
+private-bin unrar
+private-dev
+private-etc passwd,group,localtime
+hostname unrar
+nosound
diff --git a/etc/unzip.profile b/etc/unzip.profile
new file mode 100644
index 000000000..d4862004c
--- /dev/null
+++ b/etc/unzip.profile
@@ -0,0 +1,11 @@
+# unzip profile
+include /etc/firejail/default.profile
+tracelog
+net none
+shell none
+private-bin unzip
+private-dev
+private-etc passwd,group,localtime
+hostname unzip
+nosound
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 5367edfe5..76ca9d44e 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -36,6 +36,7 @@
 /etc/firejail/epiphany.profile
 /etc/firejail/evince.profile
 /etc/firejail/fbreader.profile
+/etc/firejail/file.profile
 /etc/firejail/filezilla.profile
 /etc/firejail/firefox-esr.profile
 /etc/firejail/firefox.profile
@@ -50,6 +51,7 @@
 /etc/firejail/google-chrome.profile
 /etc/firejail/google-play-music-desktop-player.profile
 /etc/firejail/gpredict.profile
+/etc/firejail/gtar.profile
 /etc/firejail/gthumb.profile
 /etc/firejail/gwenview.profile
 /etc/firejail/gzip.profile
@@ -108,6 +110,7 @@
 /etc/firejail/steam.profile
 /etc/firejail/stellarium.profile
 /etc/firejail/strings.profile
+/etc/firejail/tar.profile
 /etc/firejail/telegram.profile
 /etc/firejail/thunderbird.profile
 /etc/firejail/totem.profile
@@ -115,6 +118,8 @@
 /etc/firejail/transmission-qt.profile
 /etc/firejail/uget-gtk.profile
 /etc/firejail/unbound.profile
+/etc/firejail/unrar.profile
+/etc/firejail/unzip.profile
 /etc/firejail/uudeview.profile
 /etc/firejail/vivaldi-beta.profile
 /etc/firejail/vivaldi.profile
author	netblue30 <netblue30@yahoo.com>	2016-07-31 07:50:29 -0400
committer	GitHub <noreply@github.com>	2016-07-31 07:50:29 -0400
commit	31aef5fe61d713ae1c7d1aad1ffdc07599caccd5 (patch)
tree	d6ffe7865442f6332b92c50ec208e172745c3f5f
parent	Merge pull request #668 from thomasjfox/improve-trace (diff)
parent	Add file.profile (diff)
download	firejail-31aef5fe61d713ae1c7d1aad1ffdc07599caccd5.tar.gz firejail-31aef5fe61d713ae1c7d1aad1ffdc07599caccd5.tar.zst firejail-31aef5fe61d713ae1c7d1aad1ffdc07599caccd5.zip