author | startx2017 <vradu.startx@yandex.com> | 2018-08-30 07:29:05 -0400 |
---|---|---|
committer | startx2017 <vradu.startx@yandex.com> | 2018-08-30 07:29:05 -0400 |
commit | ef4409e7b79b3dabf5a35879138d66b0b8a0c24d (patch) | |
tree | 8fceede1113e37c629f0f08e2870b3f91ee5292a | |
parent | little tweak (diff) | |
added whois and dig profiles
-rw-r--r-- | README.md | 2 | ||||
-rw-r--r-- | RELNOTES | 2 | ||||
-rw-r--r-- | etc/dig.profile | 47 | ||||
-rw-r--r-- | etc/whois.profile | 45 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 2 | ||||
-rwxr-xr-x | test/private-lib/dig.exp | 17 | ||||
-rwxr-xr-x | test/private-lib/private-lib.sh | 2 | ||||
-rwxr-xr-x | test/private-lib/whois.exp | 17 |
8 files changed, 131 insertions, 3 deletions
@@ -167,4 +167,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe | |||
167 | ## New profiles | 167 | ## New profiles |
168 | Microsoft Office Online, riot-desktop, gnome-mpv, snox, gradio, standardnotes-desktop, | 168 | Microsoft Office Online, riot-desktop, gnome-mpv, snox, gradio, standardnotes-desktop, |
169 | shellcheck, patch, flameshot, rview, rvim, vimcat, vimdiff, vimpager, vimtutor, | 169 | shellcheck, patch, flameshot, rview, rvim, vimcat, vimdiff, vimpager, vimtutor, |
170 | xxd, Beaker, electrum, clamtk, pybitmessage | 170 | xxd, Beaker, electrum, clamtk, pybitmessage, dig, whois |
@@ -19,7 +19,7 @@ firejail (0.9.56~rc1) baseline; urgency=low | |||
19 | * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio, | 19 | * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio, |
20 | * new profiles: standardnotes-desktop, shellcheck, patch, flameshot, | 20 | * new profiles: standardnotes-desktop, shellcheck, patch, flameshot, |
21 | * new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd, | 21 | * new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd, |
22 | * new profiles: Beaker, electrum, clamtk, pybitmessage | 22 | * new profiles: Beaker, electrum, clamtk, pybitmessage, dig, whois |
23 | -- netblue30 <netblue30@yahoo.com> Sat, 11 Aug 2018 08:00:00 -0500 | 23 | -- netblue30 <netblue30@yahoo.com> Sat, 11 Aug 2018 08:00:00 -0500 |
24 | 24 | ||
25 | firejail (0.9.54) baseline; urgency=low | 25 | firejail (0.9.54) baseline; urgency=low |
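--- /dev/null
+++ b/etc/dig.profile
@@ -0,0 +1,47 @@
+quiet
+# Firejail profile for dig
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/dig.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+include /etc/firejail/disable-common.inc
+# include /etc/firejail/disable-devel.inc
+# include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+#include /etc/firejail/disable-xdg.inc
+
+whitelist ~/.digrc
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+# ipc-namespace
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private
+private-bin sh,bash,dig
+private-cache
+private-dev
+# private-etc resolv.conf
+private-lib
+private-tmp
+
+memory-deny-write-execute
+# noexec ${HOME}
+# noexec /tmp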
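Review bot: `whitelist ~/.digrc` on line 16 and `private` on line 37 appear to work against each other: `private` gives the sandbox an empty temporary home, so the user's real `~/.digrc` would likely not be visible to dig and the whitelist would have no effect. Keep one of the two, for example drop `private` and rely on the whitelist, or drop the whitelist and add a comment that per-user dig defaults are intentionally ignored. Separately, `private-bin sh,bash,dig` keeps two shells inside the sandbox although `shell none` is set; if dig starts without them, `private-bin dig` leaves less for a compromised process to work with. The same applies to `private-bin sh,bash,whois` in etc/whois.profile.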
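--- /dev/null
+++ b/etc/whois.profile
@@ -0,0 +1,45 @@
+quiet
+# Firejail profile for whois
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/whois.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+include /etc/firejail/disable-common.inc
+# include /etc/firejail/disable-devel.inc
+# include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+#include /etc/firejail/disable-xdg.inc
+
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+# ipc-namespace
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private
+private-bin sh,bash,whois
+private-cache
+private-dev
+# private-etc hosts,services,whois.conf
+private-lib
+private-tmp
+
+memory-deny-write-execute
+# noexec ${HOME}
+# noexec /tmp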
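Review bot: The commented-out `# private-etc hosts,services,whois.conf` on line 39 leaves the whole of /etc visible inside the sandbox and gives no reason why the restriction is disabled. The list also has no `resolv.conf`, so enabling it as written would probably break name resolution for the whois server, which may be why it was turned off. I would either enable it with the resolver file included, `private-etc hosts,resolv.conf,services,whois.conf`, once tested, or add a comment such as `# private-etc disabled: <reason>` so the gap is visible to the next editor. The `# private-etc resolv.conf` line in etc/dig.profile is likewise disabled without an explanation.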
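--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -94,6 +94,7 @@ deadbeef
 deluge
 dex2jar
 dia
+dig
 digikam
 dillo
 dino
@@ -442,6 +443,7 @@ weechat
 weechat-curses
 wesnoth
 wget
+whois
 wine
 wire-desktop
 wireshark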
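--- /dev/null
+++ b/test/private-lib/dig.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail dig 1.1.1.1\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Query time"
+}
+
+after 100
+puts "\nall done\n"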
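Review bot: On timeout the script prints `TESTING ERROR 0` and then calls a bare `exit`, which ends expect with status 0, so a caller that checks exit codes sees a pass; `timeout {puts "TESTING ERROR 0\n";exit 1}` would make the failure visible either way. The loop in private-lib.sh that runs these scripts is cut off by its hunk, so it may well rely on the printed marker instead. The same line is in test/private-lib/whois.exp. Both tests also need outbound network access (a resolver for dig, a third-party whois server for debian.org), so a failure in an offline build environment says nothing about the profile; a short comment at the top of each script stating that requirement would help.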
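--- a/test/private-lib/private-lib.sh
+++ b/test/private-lib/private-lib.sh
@@ -5,7 +5,7 @@
 
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
-LIST="evince galculator gnome-calculator gedit leafpad mousepad pluma transmission-gtk xcalc atril gpicview eom eog"
+LIST="dig whois evince galculator gnome-calculator gedit leafpad mousepad pluma transmission-gtk xcalc atril gpicview eom eog"
 
 
 for app in $LIST; do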
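--- /dev/null
+++ b/test/private-lib/whois.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail whois debian.org\r"
+expect {
+timeout {puts "TESTING ERROR 0\n";exit}
+"Domain Name"
+}
+
+after 100
+puts "\nall done\n"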