new profile: agetpkg (#3887)

* Create agetpkg.profile * new profile: agetpkg
author: glitsj16 <glitsj16@users.noreply.github.com> 2021-01-13 07:02:34 +0000
committer: GitHub <noreply@github.com> 2021-01-13 07:02:34 +0000
commit: cba5ca031dfafbe9d0e8f0dc5e37c5bbdac77a78 (patch)
tree: a60c96b581257d6f707c1b8d0efcb798b183979d
parent: add new profiles: lsar & unar (ar redirects) (#3886) (diff)
download: firejail-cba5ca031dfafbe9d0e8f0dc5e37c5bbdac77a78.tar.gz
firejail-cba5ca031dfafbe9d0e8f0dc5e37c5bbdac77a78.tar.zst
firejail-cba5ca031dfafbe9d0e8f0dc5e37c5bbdac77a78.zip
2 files changed, 61 insertions, 1 deletions
diff --git a/README.md b/README.md
index 723223c92..912d626fe 100644
--- a/README.md
+++ b/README.md
@@ -195,4 +195,4 @@ Stats:
 ### New profiles:
-spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris, dolphin-emu, authenticator-rs, servo, tutanota-desktop, npm, marker, yarn, lsarn unar
+spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris, dolphin-emu, authenticator-rs, servo, tutanota-desktop, npm, marker, yarn, lsar, unar, agetpkg
diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile
new file mode 100644
index 000000000..6d5dab41a
--- /dev/null
+++ b/etc/profile-a-l/agetpkg.profile
@@ -0,0 +1,60 @@
+# Firejail profile for agetpkg
+# Description: CLI tool to list/get/install packages from the Arch Linux Archive
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include agetpkg.local
+# Persistent global definitions
+include globals.local
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+# Allow python (blacklisted by disable-interpreters.inc)
+#include allow-python2.inc
+include allow-python3.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+caps.drop all
+hostname agetpkg
+ipc-namespace
+machine-id
+noautopulse
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet,inet6
+seccomp
+shell none
+tracelog
+private-bin agetpkg,python3
+private-cache
+private-dev
+private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
author	glitsj16 <glitsj16@users.noreply.github.com>	2021-01-13 07:02:34 +0000
committer	GitHub <noreply@github.com>	2021-01-13 07:02:34 +0000
commit	cba5ca031dfafbe9d0e8f0dc5e37c5bbdac77a78 (patch)
tree	a60c96b581257d6f707c1b8d0efcb798b183979d
parent	add new profiles: lsar & unar (ar redirects) (#3886) (diff)
download	firejail-cba5ca031dfafbe9d0e8f0dc5e37c5bbdac77a78.tar.gz firejail-cba5ca031dfafbe9d0e8f0dc5e37c5bbdac77a78.tar.zst firejail-cba5ca031dfafbe9d0e8f0dc5e37c5bbdac77a78.zip

diff --git a/README.md b/README.md index 723223c92..912d626fe 100644 --- a/README.md +++ b/README.md
@@ -195,4 +195,4 @@ Stats:
195		195
196	### New profiles:	196	### New profiles:
197		197
198	spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris, dolphin-emu, authenticator-rs, servo, tutanota-desktop, npm, marker, yarn, lsarn unar	198	spectacle, chromium-browser-privacy, gtk-straw-viewer, gtk-youtube-viewer, gtk2-youtube-viewer, gtk3-youtube-viewer, straw-viewer, lutris, dolphin-emu, authenticator-rs, servo, tutanota-desktop, npm, marker, yarn, lsar, unar, agetpkg


diff --git a/etc/profile-a-l/agetpkg.profile b/etc/profile-a-l/agetpkg.profile new file mode 100644 index 000000000..6d5dab41a --- /dev/null +++ b/etc/profile-a-l/agetpkg.profile
@@ -0,0 +1,60 @@
		1	# Firejail profile for agetpkg
		2	# Description: CLI tool to list/get/install packages from the Arch Linux Archive
		3	# This file is overwritten after every install/update
		4	quiet
		5	# Persistent local customizations
		6	include agetpkg.local
		7	# Persistent global definitions
		8	include globals.local
		9
		10	blacklist /tmp/.X11-unix
		11	blacklist ${RUNUSER}/wayland-*
		12
		13	# Allow python (blacklisted by disable-interpreters.inc)
		14	#include allow-python2.inc
		15	include allow-python3.inc
		16
		17	include disable-common.inc
		18	include disable-devel.inc
		19	include disable-exec.inc
		20	include disable-interpreters.inc
		21	include disable-passwdmgr.inc
		22	include disable-programs.inc
		23	include disable-shell.inc
		24	include disable-xdg.inc
		25
		26	whitelist ${DOWNLOADS}
		27	include whitelist-common.inc
		28	include whitelist-usr-share-common.inc
		29	include whitelist-var-common.inc
		30
		31	caps.drop all
		32	hostname agetpkg
		33	ipc-namespace
		34	machine-id
		35	noautopulse
		36	netfilter
		37	no3d
		38	nodvd
		39	nogroups
		40	nonewprivs
		41	noroot
		42	nosound
		43	notv
		44	nou2f
		45	novideo
		46	protocol inet,inet6
		47	seccomp
		48	shell none
		49	tracelog
		50
		51	private-bin agetpkg,python3
		52	private-cache
		53	private-dev
		54	private-etc ca-certificates,crypto-policies,pki,resolv.conf,ssl
		55	private-tmp
		56
		57	dbus-user none
		58	dbus-system none
		59
		60	memory-deny-write-execute