drill profile

author: netblue30 <netblue30@yahoo.com> 2020-12-12 18:13:44 -0500
committer: netblue30 <netblue30@yahoo.com> 2020-12-12 18:13:44 -0500
commit: 814bc190479d611ae6ffb442070e76ea61a2ade8 (patch)
tree: cf69f2c01eb1186f333a056aaaf126fc5cb5bb63
parent: Merge pull request #3810 from kmk3/dc-add-ldns (diff)
download: firejail-814bc190479d611ae6ffb442070e76ea61a2ade8.tar.gz
firejail-814bc190479d611ae6ffb442070e76ea61a2ade8.tar.zst
firejail-814bc190479d611ae6ffb442070e76ea61a2ade8.zip
3 files changed, 67 insertions, 0 deletions
diff --git a/README b/README
index 81f5fd5e8..6c86dcc5a 100644
--- a/README
+++ b/README
@@ -252,12 +252,14 @@ Danil Semelenov (https://github.com/sgtpep)
 Dara Adib (https://github.com/daradib)
        - ssh profile fix
        - evince profile fix
+        - linphone profile fix
 Dario Pellegrini (https://github.com/dpellegr)
        - allowing links in netns
 David Thole (https://github.com/TheDarkTrumpet)
        - added profile for teams-for-linux
 Davide Beatrici (https://github.com/davidebeatrici)
        - steam.profile: correctly blacklist unneeded directories in user's home
+        - minetest fixes
 David Hyrule (https://github.com/Svaag)
        - remove nou2f in ssh profile
 Deelvesh Bunjun (https://github.com/DeelveshBunjun)
@@ -515,6 +517,8 @@ KellerFuchs (https://github.com/KellerFuchs)
        - added support for .local profile files in /etc/firejail
        - fixed Cryptocat profile
        - make ~/.local read-only
+Kelvin (https://github.com/kmk3)
+        - disable ldns utilities
 Kishore96in (https://github.com/Kishore96in)
        - added falkon profile
        - kxmlgui fixes
@@ -546,6 +550,7 @@ Liorst4 (https://github.com/Liorst4)
        - Preserve CFLAGS given to configure in common.mk.in
        - fix emacs config to load as read-write
        - disable browser drm by default
+        - minetest fixes
 Lockdis (https://github.com/Lockdis)
        - Added crow, nyx, and google-earth-pro profiles
 Lukáš Krejčí (https://github.com/lskrejci)
@@ -604,6 +609,7 @@ Neo00001 (https://github.com/Neo00001)
        - add vmware profile
        - update virtualbox profile
        - update telegram profile
+        - add spectacle profile
 Nick Fox (https://github.com/njfox)
        - add a profile alias for code-oss
        - add code-oss config directory
@@ -701,6 +707,8 @@ Rahiel Kasim (https://github.com/rahiel)
        - added telegram-desktop profile
 Rahul Golam (https://github.com/technoLord)
        - strings profile
+RandomVoid (https://github.com/RandomVoid)
+        - fix building C# projects in Godot
 Raphaël Droz (https://github.com/drzraf)
        - zoom profile fixes
 Reiner Herrmann (https://github.com/reinerh)
@@ -953,6 +961,8 @@ Vladimir Schowalter (https://github.com/VladimirSchowalter20)
        read-only kde5 services directory
 xee5ch (https://github.com/xee5ch)
        - skypeforlinux profile
+Ypnose (https://github.com/Ypnose)
+        - disable-shell.inc: add mksh shell
 yumkam (https://github.com/yumkam)
        - add compile-time option to restrict --net= to root only
        - man page fixes
diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile
new file mode 100644
index 000000000..8c59b0cb6
--- /dev/null
+++ b/etc/profile-a-l/drill.profile
@@ -0,0 +1,56 @@
+# Firejail profile for drill
+# Description: DNS lookup utility
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include drill.local
+# Persistent global definitions
+include globals.local
+noblacklist ${PATH}/drill
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
+include disable-common.inc
+# include disable-devel.inc
+include disable-exec.inc
+# include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private
+private-bin bash,drill,sh
+private-dev
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 000ed5258..fe6990229 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -180,6 +180,7 @@ dooble-qt4
 dosbox
 dragon
 drawio
+drill
 dropbox
 d-feet
 easystroke
author	netblue30 <netblue30@yahoo.com>	2020-12-12 18:13:44 -0500
committer	netblue30 <netblue30@yahoo.com>	2020-12-12 18:13:44 -0500
commit	814bc190479d611ae6ffb442070e76ea61a2ade8 (patch)
tree	cf69f2c01eb1186f333a056aaaf126fc5cb5bb63
parent	Merge pull request #3810 from kmk3/dc-add-ldns (diff)
download	firejail-814bc190479d611ae6ffb442070e76ea61a2ade8.tar.gz firejail-814bc190479d611ae6ffb442070e76ea61a2ade8.tar.zst firejail-814bc190479d611ae6ffb442070e76ea61a2ade8.zip

diff --git a/README b/README index 81f5fd5e8..6c86dcc5a 100644 --- a/README +++ b/README
@@ -252,12 +252,14 @@ Danil Semelenov (https://github.com/sgtpep)
252	Dara Adib (https://github.com/daradib)	252	Dara Adib (https://github.com/daradib)
253	- ssh profile fix	253	- ssh profile fix
254	- evince profile fix	254	- evince profile fix
		255	- linphone profile fix
255	Dario Pellegrini (https://github.com/dpellegr)	256	Dario Pellegrini (https://github.com/dpellegr)
256	- allowing links in netns	257	- allowing links in netns
257	David Thole (https://github.com/TheDarkTrumpet)	258	David Thole (https://github.com/TheDarkTrumpet)
258	- added profile for teams-for-linux	259	- added profile for teams-for-linux
259	Davide Beatrici (https://github.com/davidebeatrici)	260	Davide Beatrici (https://github.com/davidebeatrici)
260	- steam.profile: correctly blacklist unneeded directories in user's home	261	- steam.profile: correctly blacklist unneeded directories in user's home
		262	- minetest fixes
261	David Hyrule (https://github.com/Svaag)	263	David Hyrule (https://github.com/Svaag)
262	- remove nou2f in ssh profile	264	- remove nou2f in ssh profile
263	Deelvesh Bunjun (https://github.com/DeelveshBunjun)	265	Deelvesh Bunjun (https://github.com/DeelveshBunjun)
@@ -515,6 +517,8 @@ KellerFuchs (https://github.com/KellerFuchs)
515	- added support for .local profile files in /etc/firejail	517	- added support for .local profile files in /etc/firejail
516	- fixed Cryptocat profile	518	- fixed Cryptocat profile
517	- make ~/.local read-only	519	- make ~/.local read-only
		520	Kelvin (https://github.com/kmk3)
		521	- disable ldns utilities
518	Kishore96in (https://github.com/Kishore96in)	522	Kishore96in (https://github.com/Kishore96in)
519	- added falkon profile	523	- added falkon profile
520	- kxmlgui fixes	524	- kxmlgui fixes
@@ -546,6 +550,7 @@ Liorst4 (https://github.com/Liorst4)
546	- Preserve CFLAGS given to configure in common.mk.in	550	- Preserve CFLAGS given to configure in common.mk.in
547	- fix emacs config to load as read-write	551	- fix emacs config to load as read-write
548	- disable browser drm by default	552	- disable browser drm by default
		553	- minetest fixes
549	Lockdis (https://github.com/Lockdis)	554	Lockdis (https://github.com/Lockdis)
550	- Added crow, nyx, and google-earth-pro profiles	555	- Added crow, nyx, and google-earth-pro profiles
551	Lukáš Krejčí (https://github.com/lskrejci)	556	Lukáš Krejčí (https://github.com/lskrejci)
@@ -604,6 +609,7 @@ Neo00001 (https://github.com/Neo00001)
604	- add vmware profile	609	- add vmware profile
605	- update virtualbox profile	610	- update virtualbox profile
606	- update telegram profile	611	- update telegram profile
		612	- add spectacle profile
607	Nick Fox (https://github.com/njfox)	613	Nick Fox (https://github.com/njfox)
608	- add a profile alias for code-oss	614	- add a profile alias for code-oss
609	- add code-oss config directory	615	- add code-oss config directory
@@ -701,6 +707,8 @@ Rahiel Kasim (https://github.com/rahiel)
701	- added telegram-desktop profile	707	- added telegram-desktop profile
702	Rahul Golam (https://github.com/technoLord)	708	Rahul Golam (https://github.com/technoLord)
703	- strings profile	709	- strings profile
		710	RandomVoid (https://github.com/RandomVoid)
		711	- fix building C# projects in Godot
704	Raphaël Droz (https://github.com/drzraf)	712	Raphaël Droz (https://github.com/drzraf)
705	- zoom profile fixes	713	- zoom profile fixes
706	Reiner Herrmann (https://github.com/reinerh)	714	Reiner Herrmann (https://github.com/reinerh)
@@ -953,6 +961,8 @@ Vladimir Schowalter (https://github.com/VladimirSchowalter20)
953	read-only kde5 services directory	961	read-only kde5 services directory
954	xee5ch (https://github.com/xee5ch)	962	xee5ch (https://github.com/xee5ch)
955	- skypeforlinux profile	963	- skypeforlinux profile
		964	Ypnose (https://github.com/Ypnose)
		965	- disable-shell.inc: add mksh shell
956	yumkam (https://github.com/yumkam)	966	yumkam (https://github.com/yumkam)
957	- add compile-time option to restrict --net= to root only	967	- add compile-time option to restrict --net= to root only
958	- man page fixes	968	- man page fixes


diff --git a/etc/profile-a-l/drill.profile b/etc/profile-a-l/drill.profile new file mode 100644 index 000000000..8c59b0cb6 --- /dev/null +++ b/etc/profile-a-l/drill.profile
@@ -0,0 +1,56 @@
		1	# Firejail profile for drill
		2	# Description: DNS lookup utility
		3	# This file is overwritten after every install/update
		4	quiet
		5	# Persistent local customizations
		6	include drill.local
		7	# Persistent global definitions
		8	include globals.local
		9
		10	noblacklist ${PATH}/drill
		11
		12	blacklist /tmp/.X11-unix
		13	blacklist ${RUNUSER}/wayland-*
		14	blacklist ${RUNUSER}
		15
		16	include disable-common.inc
		17	# include disable-devel.inc
		18	include disable-exec.inc
		19	# include disable-interpreters.inc
		20	include disable-passwdmgr.inc
		21	include disable-programs.inc
		22	include disable-xdg.inc
		23
		24	include whitelist-common.inc
		25	include whitelist-usr-share-common.inc
		26	include whitelist-var-common.inc
		27
		28	apparmor
		29	caps.drop all
		30	ipc-namespace
		31	machine-id
		32	netfilter
		33	no3d
		34	nodvd
		35	nogroups
		36	nonewprivs
		37	noroot
		38	nosound
		39	notv
		40	nou2f
		41	novideo
		42	protocol unix,inet,inet6
		43	seccomp
		44	shell none
		45	tracelog
		46
		47	disable-mnt
		48	private
		49	private-bin bash,drill,sh
		50	private-dev
		51	private-tmp
		52
		53	dbus-user none
		54	dbus-system none
		55
		56	memory-deny-write-execute


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 000ed5258..fe6990229 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -180,6 +180,7 @@ dooble-qt4
180	dosbox	180	dosbox
181	dragon	181	dragon
182	drawio	182	drawio
		183	drill
183	dropbox	184	dropbox
184	d-feet	185	d-feet
185	easystroke	186	easystroke