diff options
author | netblue30 <netblue30@yahoo.com> | 2016-04-07 12:05:17 -0400 |
---|---|---|
committer | netblue30 <netblue30@yahoo.com> | 2016-04-07 12:05:17 -0400 |
commit | 7d452d9a55d06c329488c919c184e6e1029ca19b (patch) | |
tree | e588ace11ef49f8d16d270b78247b6d3cb6310e0 | |
parent | cleanup (diff) | |
download | firejail-7d452d9a55d06c329488c919c184e6e1029ca19b.tar.gz firejail-7d452d9a55d06c329488c919c184e6e1029ca19b.tar.zst firejail-7d452d9a55d06c329488c919c184e6e1029ca19b.zip |
added dnsmasq profile
-rw-r--r-- | Makefile.in | 1 | ||||
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/dnsmasq.profile | 14 | ||||
-rw-r--r-- | platform/debian/conffiles | 1 |
6 files changed, 19 insertions, 2 deletions
diff --git a/Makefile.in b/Makefile.in index 581402283..701e2856f 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -159,6 +159,7 @@ realinstall: | |||
159 | install -c -m 0644 .etc/openbox.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 159 | install -c -m 0644 .etc/openbox.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
160 | install -c -m 0644 .etc/dillo.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 160 | install -c -m 0644 .etc/dillo.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
161 | install -c -m 0644 .etc/cmus.profile $(DESTDIR)/$(sysconfdir)/firejail/. | 161 | install -c -m 0644 .etc/cmus.profile $(DESTDIR)/$(sysconfdir)/firejail/. |
162 | install -c -m 0644 .etc/dnsmasq.profile $(DESTDIR)/$(sysconfdir)/firejail/. | ||
162 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 163 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
163 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" | 164 | sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" |
164 | rm -fr .etc | 165 | rm -fr .etc |
@@ -66,6 +66,7 @@ creideiki (https://github.com/creideiki) | |||
66 | - make the sandbox process reap all children | 66 | - make the sandbox process reap all children |
67 | curiosity-seeker (https://github.com/curiosity-seeker) | 67 | curiosity-seeker (https://github.com/curiosity-seeker) |
68 | - tightening unbound and dnscrypt-proxy profiles | 68 | - tightening unbound and dnscrypt-proxy profiles |
69 | - dnsmasq profile | ||
69 | sinkuu (https://github.com/sinkuu) | 70 | sinkuu (https://github.com/sinkuu) |
70 | - blacklisting kwalletd | 71 | - blacklisting kwalletd |
71 | - fix symlink invocation for programs placing symlinks in $PATH | 72 | - fix symlink invocation for programs placing symlinks in $PATH |
@@ -281,5 +281,5 @@ $ man firejail-profile | |||
281 | 281 | ||
282 | ## New security profiles | 282 | ## New security profiles |
283 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, | 283 | lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, |
284 | OpenSSH client, OpenBox window manager, Dillo, cmus. | 284 | OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq. |
285 | 285 | ||
@@ -16,7 +16,7 @@ firejail (0.9.40-rc1) baseline; urgency=low | |||
16 | * disable STUN/WebRTC in default netfilter configuration | 16 | * disable STUN/WebRTC in default netfilter configuration |
17 | * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril | 17 | * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril |
18 | * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars | 18 | * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars |
19 | * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus | 19 | * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq |
20 | * build rpm packages using "make rpms" | 20 | * build rpm packages using "make rpms" |
21 | * bugfixes | 21 | * bugfixes |
22 | -- netblue30 <netblue30@yahoo.com> Sun, 3 Apr 2016 08:00:00 -0500 | 22 | -- netblue30 <netblue30@yahoo.com> Sun, 3 Apr 2016 08:00:00 -0500 |
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile new file mode 100644 index 000000000..9ec66b8c5 --- /dev/null +++ b/etc/dnsmasq.profile | |||
@@ -0,0 +1,14 @@ | |||
1 | # dnsmasq profile | ||
2 | noblacklist /sbin | ||
3 | noblacklist /usr/sbin | ||
4 | include /etc/firejail/disable-common.inc | ||
5 | include /etc/firejail/disable-mgmt.inc | ||
6 | include /etc/firejail/disable-devel.inc | ||
7 | include /etc/firejail/disable-secret.inc | ||
8 | include /etc/firejail/disable-terminals.inc | ||
9 | caps | ||
10 | seccomp | ||
11 | protocol unix,inet,inet6,netlink | ||
12 | netfilter | ||
13 | private | ||
14 | private-dev | ||
diff --git a/platform/debian/conffiles b/platform/debian/conffiles index aef20ed1f..ec6928074 100644 --- a/platform/debian/conffiles +++ b/platform/debian/conffiles | |||
@@ -79,3 +79,4 @@ | |||
79 | /etc/firejail/disable-passwdmgr.inc | 79 | /etc/firejail/disable-passwdmgr.inc |
80 | /etc/firejail/dillo.profile | 80 | /etc/firejail/dillo.profile |
81 | /etc/firejail/cmus.profile | 81 | /etc/firejail/cmus.profile |
82 | /etc/firejail/dnsmasq.profile | ||