curl profile

author: netblue30 <netblue30@yahoo.com> 2017-06-15 20:53:29 -0400
committer: netblue30 <netblue30@yahoo.com> 2017-06-15 20:53:29 -0400
commit: 19c2c137bf99210f4ba48af57b3c9ac0624debd0 (patch)
tree: ef2a45eac82eff02ca9c2afa0af118a275690a61
parent: test: add novideo to profiles (part 1) (diff)
download: firejail-19c2c137bf99210f4ba48af57b3c9ac0624debd0.tar.gz
firejail-19c2c137bf99210f4ba48af57b3c9ac0624debd0.tar.zst
firejail-19c2c137bf99210f4ba48af57b3c9ac0624debd0.zip
6 files changed, 45 insertions, 0 deletions
diff --git a/README.md b/README.md
index fa5b9199f..bc0ba475a 100644
--- a/README.md
+++ b/README.md
@@ -63,3 +63,8 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is
 `````
 # Current development version: 0.9.49
+## New profiles:
+curl
diff --git a/RELNOTES b/RELNOTES
index 684a0c731..b7a0c49e7 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,5 +1,6 @@
 firejail (0.9.49) baseline; urgency=low
  * work in progress!
+  * new profiles: curl
  * bugfixes
 -- netblue30 <netblue30@yahoo.com>  Mon, 12 Jun 2017 20:00:00 -0500
diff --git a/etc/curl.profile b/etc/curl.profile
new file mode 100644
index 000000000..58b5f050a
--- /dev/null
+++ b/etc/curl.profile
@@ -0,0 +1,35 @@
+quiet
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/curl.local
+# curl profile
+noblacklist ~/.curlrc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+caps.drop all
+#ipc-namespace
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+shell none
+blacklist /tmp/.X11-unix
+# private-bin curl
+private-dev
+# private-etc resolv.conf
+private-tmp
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 41889cc5f..4d77218de 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -170,6 +170,7 @@ blacklist ${HOME}/.config/xviewer
 blacklist ${HOME}/.config/zathura
 blacklist ${HOME}/.config/zoomus.conf
 blacklist ${HOME}/.conkeror.mozdev.org
+blacklist ${HOME}/.curlrc
 blacklist ${HOME}/.dia
 blacklist ${HOME}/.dillo
 blacklist ${HOME}/.dosbox
@@ -339,6 +340,7 @@ blacklist ${HOME}/.vst
 blacklist ${HOME}/.w3m
 blacklist ${HOME}/.warzone2100-3.*
 blacklist ${HOME}/.weechat
+blacklist ${HOME}/.wgetrc
 blacklist ${HOME}/.wine
 blacklist ${HOME}/.wine64
 blacklist ${HOME}/.xiphos
diff --git a/etc/wget.profile b/etc/wget.profile
index 306ec4417..801e034ea 100644
--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -7,6 +7,7 @@ include /etc/firejail/globals.local
 include /etc/firejail/wget.local
 # wget profile
+noblacklist ~/.wgetrc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 7d36714c1..1fb8c86e7 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -307,3 +307,4 @@
 /etc/firejail/darktable.profile
 /etc/firejail/waterfox.profile
 /etc/firejail/handbrake.profile
+/etc/firejail/curl.profile
author	netblue30 <netblue30@yahoo.com>	2017-06-15 20:53:29 -0400
committer	netblue30 <netblue30@yahoo.com>	2017-06-15 20:53:29 -0400
commit	19c2c137bf99210f4ba48af57b3c9ac0624debd0 (patch)
tree	ef2a45eac82eff02ca9c2afa0af118a275690a61
parent	test: add novideo to profiles (part 1) (diff)
download	firejail-19c2c137bf99210f4ba48af57b3c9ac0624debd0.tar.gz firejail-19c2c137bf99210f4ba48af57b3c9ac0624debd0.tar.zst firejail-19c2c137bf99210f4ba48af57b3c9ac0624debd0.zip

diff --git a/README.md b/README.md index fa5b9199f..bc0ba475a 100644 --- a/README.md +++ b/README.md
@@ -63,3 +63,8 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is
63		63
64	`````	64	`````
65	# Current development version: 0.9.49	65	# Current development version: 0.9.49
		66
		67	## New profiles:
		68
		69	curl
		70


diff --git a/RELNOTES b/RELNOTES index 684a0c731..b7a0c49e7 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -1,5 +1,6 @@
1	firejail (0.9.49) baseline; urgency=low	1	firejail (0.9.49) baseline; urgency=low
2	* work in progress!	2	* work in progress!
		3	* new profiles: curl
3	* bugfixes	4	* bugfixes
4	-- netblue30 <netblue30@yahoo.com> Mon, 12 Jun 2017 20:00:00 -0500	5	-- netblue30 <netblue30@yahoo.com> Mon, 12 Jun 2017 20:00:00 -0500
5		6


diff --git a/etc/curl.profile b/etc/curl.profile new file mode 100644 index 000000000..58b5f050a --- /dev/null +++ b/etc/curl.profile
@@ -0,0 +1,35 @@
		1	quiet
		2	# Persistent global definitions go here
		3	include /etc/firejail/globals.local
		4
		5	# This file is overwritten during software install.
		6	# Persistent customizations should go in a .local file.
		7	include /etc/firejail/curl.local
		8
		9	# curl profile
		10	noblacklist ~/.curlrc
		11	include /etc/firejail/disable-common.inc
		12	include /etc/firejail/disable-programs.inc
		13	include /etc/firejail/disable-passwdmgr.inc
		14
		15	caps.drop all
		16	#ipc-namespace
		17	netfilter
		18	no3d
		19	nogroups
		20	nonewprivs
		21	noroot
		22	nosound
		23	protocol unix,inet,inet6
		24	seccomp
		25	shell none
		26
		27	blacklist /tmp/.X11-unix
		28
		29	# private-bin curl
		30	private-dev
		31	# private-etc resolv.conf
		32	private-tmp
		33
		34	noexec ${HOME}
		35	noexec /tmp


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 41889cc5f..4d77218de 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -170,6 +170,7 @@ blacklist ${HOME}/.config/xviewer
170	blacklist ${HOME}/.config/zathura	170	blacklist ${HOME}/.config/zathura
171	blacklist ${HOME}/.config/zoomus.conf	171	blacklist ${HOME}/.config/zoomus.conf
172	blacklist ${HOME}/.conkeror.mozdev.org	172	blacklist ${HOME}/.conkeror.mozdev.org
		173	blacklist ${HOME}/.curlrc
173	blacklist ${HOME}/.dia	174	blacklist ${HOME}/.dia
174	blacklist ${HOME}/.dillo	175	blacklist ${HOME}/.dillo
175	blacklist ${HOME}/.dosbox	176	blacklist ${HOME}/.dosbox
@@ -339,6 +340,7 @@ blacklist ${HOME}/.vst
339	blacklist ${HOME}/.w3m	340	blacklist ${HOME}/.w3m
340	blacklist ${HOME}/.warzone2100-3.*	341	blacklist ${HOME}/.warzone2100-3.*
341	blacklist ${HOME}/.weechat	342	blacklist ${HOME}/.weechat
		343	blacklist ${HOME}/.wgetrc
342	blacklist ${HOME}/.wine	344	blacklist ${HOME}/.wine
343	blacklist ${HOME}/.wine64	345	blacklist ${HOME}/.wine64
344	blacklist ${HOME}/.xiphos	346	blacklist ${HOME}/.xiphos


diff --git a/etc/wget.profile b/etc/wget.profile index 306ec4417..801e034ea 100644 --- a/etc/wget.profile +++ b/etc/wget.profile
@@ -7,6 +7,7 @@ include /etc/firejail/globals.local
7	include /etc/firejail/wget.local	7	include /etc/firejail/wget.local
8		8
9	# wget profile	9	# wget profile
		10	noblacklist ~/.wgetrc
10	include /etc/firejail/disable-common.inc	11	include /etc/firejail/disable-common.inc
11	include /etc/firejail/disable-programs.inc	12	include /etc/firejail/disable-programs.inc
12	include /etc/firejail/disable-passwdmgr.inc	13	include /etc/firejail/disable-passwdmgr.inc


diff --git a/platform/debian/conffiles b/platform/debian/conffiles index 7d36714c1..1fb8c86e7 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles
@@ -307,3 +307,4 @@
307	/etc/firejail/darktable.profile	307	/etc/firejail/darktable.profile
308	/etc/firejail/waterfox.profile	308	/etc/firejail/waterfox.profile
309	/etc/firejail/handbrake.profile	309	/etc/firejail/handbrake.profile
		310	/etc/firejail/curl.profile