Merge pull request #2881 from flacks/profiles/zulip

Add Zulip profile
author: rusty-snake <print_hello_world+Public@protonmail.com> 2019-07-31 18:30:30 +0000
committer: GitHub <noreply@github.com> 2019-07-31 18:30:30 +0000
commit: 4e8addaaec1ecd5b32a98b5e3b45365334b16d28 (patch)
tree: 44c8cdc6aac491151f0bf02a0cc5842c29c4f9d1
parent: Add tb-starter-wrapper.profile (#2863) (diff)
parent: Corrections (diff)
download: firejail-4e8addaaec1ecd5b32a98b5e3b45365334b16d28.tar.gz
firejail-4e8addaaec1ecd5b32a98b5e3b45365334b16d28.tar.zst
firejail-4e8addaaec1ecd5b32a98b5e3b45365334b16d28.zip
3 files changed, 49 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index cc6877693..9b66702fc 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -322,6 +322,7 @@ blacklist ${HOME}/.config/yelp
 blacklist ${HOME}/.config/youtube-dl
 blacklist ${HOME}/.config/zathura
 blacklist ${HOME}/.config/zoomus.conf
+blacklist ${HOME}/.config/Zulip
 blacklist ${HOME}/.conkeror.mozdev.org
 blacklist ${HOME}/.crawl
 blacklist ${HOME}/.curlrc
diff --git a/etc/zulip.profile b/etc/zulip.profile
new file mode 100644
index 000000000..999c2f77a
--- /dev/null
+++ b/etc/zulip.profile
@@ -0,0 +1,47 @@
+# Firejail profile for zulip
+# Description: Real-time team chat based on the email threading model
+# This file is overwritten after every install/update
+# Persistent local customizations
+include zulip.local
+# Persistent global definitions
+include globals.local
+ignore noexec /tmp
+noblacklist ${HOME}/.config/Zulip
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/Zulip
+whitelist ${HOME}/.config/Zulip
+whitelist ${DOWNLOADS}
+include whitelist-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private-bin locale,zulip
+private-cache
+private-dev
+private-etc asound.conf,fonts,machine-id
+private-tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 9645215ef..daf7a5621 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -679,3 +679,4 @@ zathura
 zeal
 zoom
 zpaq
+zulip
author	rusty-snake <print_hello_world+Public@protonmail.com>	2019-07-31 18:30:30 +0000
committer	GitHub <noreply@github.com>	2019-07-31 18:30:30 +0000
commit	4e8addaaec1ecd5b32a98b5e3b45365334b16d28 (patch)
tree	44c8cdc6aac491151f0bf02a0cc5842c29c4f9d1
parent	Add tb-starter-wrapper.profile (#2863) (diff)
parent	Corrections (diff)
download	firejail-4e8addaaec1ecd5b32a98b5e3b45365334b16d28.tar.gz firejail-4e8addaaec1ecd5b32a98b5e3b45365334b16d28.tar.zst firejail-4e8addaaec1ecd5b32a98b5e3b45365334b16d28.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index cc6877693..9b66702fc 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -322,6 +322,7 @@ blacklist ${HOME}/.config/yelp
322	blacklist ${HOME}/.config/youtube-dl	322	blacklist ${HOME}/.config/youtube-dl
323	blacklist ${HOME}/.config/zathura	323	blacklist ${HOME}/.config/zathura
324	blacklist ${HOME}/.config/zoomus.conf	324	blacklist ${HOME}/.config/zoomus.conf
		325	blacklist ${HOME}/.config/Zulip
325	blacklist ${HOME}/.conkeror.mozdev.org	326	blacklist ${HOME}/.conkeror.mozdev.org
326	blacklist ${HOME}/.crawl	327	blacklist ${HOME}/.crawl
327	blacklist ${HOME}/.curlrc	328	blacklist ${HOME}/.curlrc


diff --git a/etc/zulip.profile b/etc/zulip.profile new file mode 100644 index 000000000..999c2f77a --- /dev/null +++ b/etc/zulip.profile
@@ -0,0 +1,47 @@
		1	# Firejail profile for zulip
		2	# Description: Real-time team chat based on the email threading model
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include zulip.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	ignore noexec /tmp
		10
		11	noblacklist ${HOME}/.config/Zulip
		12
		13	include disable-common.inc
		14	include disable-devel.inc
		15	include disable-exec.inc
		16	include disable-interpreters.inc
		17	include disable-passwdmgr.inc
		18	include disable-programs.inc
		19	include disable-xdg.inc
		20
		21	mkdir ${HOME}/.config/Zulip
		22	whitelist ${HOME}/.config/Zulip
		23	whitelist ${DOWNLOADS}
		24	include whitelist-common.inc
		25	include whitelist-var-common.inc
		26
		27	apparmor
		28	caps.drop all
		29	netfilter
		30	no3d
		31	nodvd
		32	nogroups
		33	nonewprivs
		34	noroot
		35	notv
		36	nou2f
		37	novideo
		38	protocol unix,inet,inet6
		39	seccomp
		40	shell none
		41
		42	disable-mnt
		43	private-bin locale,zulip
		44	private-cache
		45	private-dev
		46	private-etc asound.conf,fonts,machine-id
		47	private-tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 9645215ef..daf7a5621 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -679,3 +679,4 @@ zathura
679	zeal	679	zeal
680	zoom	680	zoom
681	zpaq	681	zpaq
		682	zulip