add new profile: pkglog (#3902)

* add pkglog to new profiles * Create pkglog.profile * Update README.md * fix ordering in pkglog.profile * drop extra whitespace in pkglog.profile
author: glitsj16 <glitsj16@users.noreply.github.com> 2021-01-18 19:59:31 +0000
committer: GitHub <noreply@github.com> 2021-01-18 19:59:31 +0000
commit: 096df6df11d0c3a2707568d4f9d497fc2a0cb6f7 (patch)
tree: 43277a6bd2b50c7d24b613596b313feedc88482d
parent: harden plv.profile (#3901) (diff)
download: firejail-096df6df11d0c3a2707568d4f9d497fc2a0cb6f7.tar.gz
firejail-096df6df11d0c3a2707568d4f9d497fc2a0cb6f7.tar.zst
firejail-096df6df11d0c3a2707568d4f9d497fc2a0cb6f7.zip
1 files changed, 59 insertions, 0 deletions
diff --git a/etc/profile-m-z/pkglog.profile b/etc/profile-m-z/pkglog.profile
new file mode 100644
index 000000000..7d43dd08f
--- /dev/null
+++ b/etc/profile-m-z/pkglog.profile
@@ -0,0 +1,59 @@
+# Firejail profile for pklog
+# Description: Reports log of package updates
+# This file is overwritten after every install/update
+# Persistent local customizations
+include pkglog.local
+# Persistent global definitions
+include globals.local
+# Allow python3 (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+whitelist /var/log/apt/history.log
+whitelist /var/log/dnf.rpm.log
+whitelist /var/log/pacman.log
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+seccomp
+shell none
+tracelog
+disable-mnt
+private
+private-bin pkglog,python*
+private-cache
+private-dev
+private-etc alternatives
+private-opt none
+private-tmp
+writable-var-log
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+read-only ${HOME}
+read-only /var/log/apt/history.log
+read-only /var/log/dnf.rpm.log
+read-only /var/log/pacman.log
author	glitsj16 <glitsj16@users.noreply.github.com>	2021-01-18 19:59:31 +0000
committer	GitHub <noreply@github.com>	2021-01-18 19:59:31 +0000
commit	096df6df11d0c3a2707568d4f9d497fc2a0cb6f7 (patch)
tree	43277a6bd2b50c7d24b613596b313feedc88482d
parent	harden plv.profile (#3901) (diff)
download	firejail-096df6df11d0c3a2707568d4f9d497fc2a0cb6f7.tar.gz firejail-096df6df11d0c3a2707568d4f9d497fc2a0cb6f7.tar.zst firejail-096df6df11d0c3a2707568d4f9d497fc2a0cb6f7.zip

diff --git a/etc/profile-m-z/pkglog.profile b/etc/profile-m-z/pkglog.profile new file mode 100644 index 000000000..7d43dd08f --- /dev/null +++ b/etc/profile-m-z/pkglog.profile
@@ -0,0 +1,59 @@
	1	# Firejail profile for pklog
	2	# Description: Reports log of package updates
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include pkglog.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	# Allow python3 (blacklisted by disable-interpreters.inc)
	10	include allow-python3.inc
	11
	12	include disable-common.inc
	13	include disable-devel.inc
	14	include disable-exec.inc
	15	include disable-interpreters.inc
	16	include disable-passwdmgr.inc
	17	include disable-programs.inc
	18	include disable-xdg.inc
	19
	20	whitelist /var/log/apt/history.log
	21	whitelist /var/log/dnf.rpm.log
	22	whitelist /var/log/pacman.log
	23
	24	apparmor
	25	caps.drop all
	26	ipc-namespace
	27	machine-id
	28	net none
	29	no3d
	30	nodvd
	31	nogroups
	32	nonewprivs
	33	noroot
	34	nosound
	35	notv
	36	nou2f
	37	novideo
	38	seccomp
	39	shell none
	40	tracelog
	41
	42	disable-mnt
	43	private
	44	private-bin pkglog,python*
	45	private-cache
	46	private-dev
	47	private-etc alternatives
	48	private-opt none
	49	private-tmp
	50	writable-var-log
	51
	52	dbus-user none
	53	dbus-system none
	54
	55	memory-deny-write-execute
	56	read-only ${HOME}
	57	read-only /var/log/apt/history.log
	58	read-only /var/log/dnf.rpm.log
	59	read-only /var/log/pacman.log