Replace xmr-stak-cpu profile with unified xmr-stak profile

author: Tad <tad@spotco.us> 2018-01-25 13:38:44 -0500
committer: Tad <tad@spotco.us> 2018-01-25 13:38:44 -0500
commit: d1f0334ce7d3fc29bee64b50b993a677e1e80f76 (patch)
tree: 96f596ca88ef133a7f8a278957858e08b39ed0ab
parent: apparmor support for --chroot sandboxes (diff)
download: firejail-d1f0334ce7d3fc29bee64b50b993a677e1e80f76.tar.gz
firejail-d1f0334ce7d3fc29bee64b50b993a677e1e80f76.tar.zst
firejail-d1f0334ce7d3fc29bee64b50b993a677e1e80f76.zip
3 files changed, 12 insertions, 9 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 8cfcaa838..6288f14e2 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -453,6 +453,7 @@ blacklist ${HOME}/.wireshark
 blacklist ${HOME}/.wine64
 blacklist ${HOME}/.xiphos
 blacklist ${HOME}/.xmms
+blacklist ${HOME}/.xmr-stak
 blacklist ${HOME}/.xonotic
 blacklist ${HOME}/.xpdfrc
 blacklist ${HOME}/.zoom
diff --git a/etc/xmr-stak-cpu.profile b/etc/xmr-stak.profile
index 9cc6e0c1f..151a4c694 100644
--- a/etc/xmr-stak-cpu.profile
+++ b/etc/xmr-stak.profile
@@ -1,22 +1,24 @@
-# Firejail profile for xmr-stak-cpu
+# Firejail profile for xmr-stak
 # This file is overwritten after every install/update
 # Persistent local customizations
-include /etc/firejail/xmr-stak-cpu.local
+include /etc/firejail/xmr-stak.local
 # Persistent global definitions
 include /etc/firejail/globals.local
+noblacklist ${HOME}/.xmr-stak
+noblacklist /usr/lib/llvm*
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-devel.inc
 include /etc/firejail/disable-passwdmgr.inc
 include /etc/firejail/disable-programs.inc
+mkdir ${HOME}/.xmr-stak
 include /etc/firejail/whitelist-var-common.inc
 caps.drop all
 ipc-namespace
 netfilter
-no3d
 nodvd
 nogroups
 nonewprivs
@@ -29,12 +31,12 @@ seccomp
 shell none
 disable-mnt
-private
+private ${HOME}/.xmr-stak
-private-bin xmr-stak-cpu
+private-bin xmr-stak
 private-dev
-private-etc xmr-stak-cpu.json
+private-etc ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
-private-lib
+#private-lib libxmrstak_opencl_backend,libxmrstak_cuda_backend
-private-opt none
+private-opt cuda
 private-tmp
 memory-deny-write-execute
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 1cd9d9c1f..aff20d998 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -393,7 +393,7 @@ xfce4-dict
 xfce4-notes
 xiphos
 xmms
-xmr-stak-cpu
+xmr-stak
 xonotic
 xonotic-glx
 xonotic-sdl
author	Tad <tad@spotco.us>	2018-01-25 13:38:44 -0500
committer	Tad <tad@spotco.us>	2018-01-25 13:38:44 -0500
commit	d1f0334ce7d3fc29bee64b50b993a677e1e80f76 (patch)
tree	96f596ca88ef133a7f8a278957858e08b39ed0ab
parent	apparmor support for --chroot sandboxes (diff)
download	firejail-d1f0334ce7d3fc29bee64b50b993a677e1e80f76.tar.gz firejail-d1f0334ce7d3fc29bee64b50b993a677e1e80f76.tar.zst firejail-d1f0334ce7d3fc29bee64b50b993a677e1e80f76.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 8cfcaa838..6288f14e2 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -453,6 +453,7 @@ blacklist ${HOME}/.wireshark
453	blacklist ${HOME}/.wine64	453	blacklist ${HOME}/.wine64
454	blacklist ${HOME}/.xiphos	454	blacklist ${HOME}/.xiphos
455	blacklist ${HOME}/.xmms	455	blacklist ${HOME}/.xmms
		456	blacklist ${HOME}/.xmr-stak
456	blacklist ${HOME}/.xonotic	457	blacklist ${HOME}/.xonotic
457	blacklist ${HOME}/.xpdfrc	458	blacklist ${HOME}/.xpdfrc
458	blacklist ${HOME}/.zoom	459	blacklist ${HOME}/.zoom


diff --git a/etc/xmr-stak-cpu.profile b/etc/xmr-stak.profile index 9cc6e0c1f..151a4c694 100644 --- a/etc/xmr-stak-cpu.profile +++ b/etc/xmr-stak.profile
@@ -1,22 +1,24 @@
1	# Firejail profile for xmr-stak-cpu	1	# Firejail profile for xmr-stak
2	# This file is overwritten after every install/update	2	# This file is overwritten after every install/update
3	# Persistent local customizations	3	# Persistent local customizations
4	include /etc/firejail/xmr-stak-cpu.local	4	include /etc/firejail/xmr-stak.local
5	# Persistent global definitions	5	# Persistent global definitions
6	include /etc/firejail/globals.local	6	include /etc/firejail/globals.local
7		7
		8	noblacklist ${HOME}/.xmr-stak
		9	noblacklist /usr/lib/llvm*
8		10
9	include /etc/firejail/disable-common.inc	11	include /etc/firejail/disable-common.inc
10	include /etc/firejail/disable-devel.inc	12	include /etc/firejail/disable-devel.inc
11	include /etc/firejail/disable-passwdmgr.inc	13	include /etc/firejail/disable-passwdmgr.inc
12	include /etc/firejail/disable-programs.inc	14	include /etc/firejail/disable-programs.inc
13		15
		16	mkdir ${HOME}/.xmr-stak
14	include /etc/firejail/whitelist-var-common.inc	17	include /etc/firejail/whitelist-var-common.inc
15		18
16	caps.drop all	19	caps.drop all
17	ipc-namespace	20	ipc-namespace
18	netfilter	21	netfilter
19	no3d
20	nodvd	22	nodvd
21	nogroups	23	nogroups
22	nonewprivs	24	nonewprivs
@@ -29,12 +31,12 @@ seccomp
29	shell none	31	shell none
30		32
31	disable-mnt	33	disable-mnt
32	private	34	private ${HOME}/.xmr-stak
33	private-bin xmr-stak-cpu	35	private-bin xmr-stak
34	private-dev	36	private-dev
35	private-etc xmr-stak-cpu.json	37	private-etc ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
36	private-lib	38	#private-lib libxmrstak_opencl_backend,libxmrstak_cuda_backend
37	private-opt none	39	private-opt cuda
38	private-tmp	40	private-tmp
39		41
40	memory-deny-write-execute	42	memory-deny-write-execute


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 1cd9d9c1f..aff20d998 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -393,7 +393,7 @@ xfce4-dict
393	xfce4-notes	393	xfce4-notes
394	xiphos	394	xiphos
395	xmms	395	xmms
396	xmr-stak-cpu	396	xmr-stak
397	xonotic	397	xonotic
398	xonotic-glx	398	xonotic-glx
399	xonotic-sdl	399	xonotic-sdl