aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLibravatar netblue30 <netblue30@yahoo.com>2016-04-07 12:05:17 -0400
committerLibravatar netblue30 <netblue30@yahoo.com>2016-04-07 12:05:17 -0400
commit7d452d9a55d06c329488c919c184e6e1029ca19b (patch)
treee588ace11ef49f8d16d270b78247b6d3cb6310e0
parentcleanup (diff)
downloadfirejail-7d452d9a55d06c329488c919c184e6e1029ca19b.tar.gz
firejail-7d452d9a55d06c329488c919c184e6e1029ca19b.tar.zst
firejail-7d452d9a55d06c329488c919c184e6e1029ca19b.zip
added dnsmasq profile
Diffstat
-rw-r--r--Makefile.in1
-rw-r--r--README1
-rw-r--r--README.md2
-rw-r--r--RELNOTES2
-rw-r--r--etc/dnsmasq.profile14
-rw-r--r--platform/debian/conffiles1
6 files changed, 19 insertions, 2 deletions
diff --git a/Makefile.in b/Makefile.in
index 581402283..701e2856f 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -159,6 +159,7 @@ realinstall:
159 install -c -m 0644 .etc/openbox.profile $(DESTDIR)/$(sysconfdir)/firejail/. 159 install -c -m 0644 .etc/openbox.profile $(DESTDIR)/$(sysconfdir)/firejail/.
160 install -c -m 0644 .etc/dillo.profile $(DESTDIR)/$(sysconfdir)/firejail/. 160 install -c -m 0644 .etc/dillo.profile $(DESTDIR)/$(sysconfdir)/firejail/.
161 install -c -m 0644 .etc/cmus.profile $(DESTDIR)/$(sysconfdir)/firejail/. 161 install -c -m 0644 .etc/cmus.profile $(DESTDIR)/$(sysconfdir)/firejail/.
162 install -c -m 0644 .etc/dnsmasq.profile $(DESTDIR)/$(sysconfdir)/firejail/.
162 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" 163 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/login.users ]; then install -c -m 0644 etc/login.users $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
163 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;" 164 sh -c "if [ ! -f $(DESTDIR)/$(sysconfdir)/firejail/firejail.config ]; then install -c -m 0644 etc/firejail.config $(DESTDIR)/$(sysconfdir)/firejail/.; fi;"
164 rm -fr .etc 165 rm -fr .etc
diff --git a/README b/README
index 3b5ae1e76..e1cd0b068 100644
--- a/README
+++ b/README
@@ -66,6 +66,7 @@ creideiki (https://github.com/creideiki)
66 - make the sandbox process reap all children 66 - make the sandbox process reap all children
67curiosity-seeker (https://github.com/curiosity-seeker) 67curiosity-seeker (https://github.com/curiosity-seeker)
68 - tightening unbound and dnscrypt-proxy profiles 68 - tightening unbound and dnscrypt-proxy profiles
69 - dnsmasq profile
69sinkuu (https://github.com/sinkuu) 70sinkuu (https://github.com/sinkuu)
70 - blacklisting kwalletd 71 - blacklisting kwalletd
71 - fix symlink invocation for programs placing symlinks in $PATH 72 - fix symlink invocation for programs placing symlinks in $PATH
diff --git a/README.md b/README.md
index e29c01d9a..c7adf3056 100644
--- a/README.md
+++ b/README.md
@@ -281,5 +281,5 @@ $ man firejail-profile
281 281
282## New security profiles 282## New security profiles
283lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox, 283lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril, qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars, qTox,
284OpenSSH client, OpenBox window manager, Dillo, cmus. 284OpenSSH client, OpenBox window manager, Dillo, cmus, dnsmasq.
285 285
diff --git a/RELNOTES b/RELNOTES
index c58911620..3b287ed0c 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -16,7 +16,7 @@ firejail (0.9.40-rc1) baseline; urgency=low
16 * disable STUN/WebRTC in default netfilter configuration 16 * disable STUN/WebRTC in default netfilter configuration
17 * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril 17 * new profiles: lxterminal, Epiphany, cherrytree, Polari, Vivaldi, Atril
18 * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars 18 * new profiles: qutebrowser, SlimJet, Battle for Wesnoth, Hedgewars
19 * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus 19 * new profiles: qTox, OpenSSH client, OpenBox, Dillo, cmus, dnsmasq
20 * build rpm packages using "make rpms" 20 * build rpm packages using "make rpms"
21 * bugfixes 21 * bugfixes
22 -- netblue30 <netblue30@yahoo.com> Sun, 3 Apr 2016 08:00:00 -0500 22 -- netblue30 <netblue30@yahoo.com> Sun, 3 Apr 2016 08:00:00 -0500
diff --git a/etc/dnsmasq.profile b/etc/dnsmasq.profile
new file mode 100644
index 000000000..9ec66b8c5
--- /dev/null
+++ b/etc/dnsmasq.profile
@@ -0,0 +1,14 @@
1# dnsmasq profile
2noblacklist /sbin
3noblacklist /usr/sbin
4include /etc/firejail/disable-common.inc
5include /etc/firejail/disable-mgmt.inc
6include /etc/firejail/disable-devel.inc
7include /etc/firejail/disable-secret.inc
8include /etc/firejail/disable-terminals.inc
9caps
10seccomp
11protocol unix,inet,inet6,netlink
12netfilter
13private
14private-dev
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index aef20ed1f..ec6928074 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -79,3 +79,4 @@
79/etc/firejail/disable-passwdmgr.inc 79/etc/firejail/disable-passwdmgr.inc
80/etc/firejail/dillo.profile 80/etc/firejail/dillo.profile
81/etc/firejail/cmus.profile 81/etc/firejail/cmus.profile
82/etc/firejail/dnsmasq.profile
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-19 16:01:04 +0000