New profile: bpftop.profile (#6231)

Description: Dynamic real-time view of running eBPF programs. https://github.com/Netflix/bpftop https://aur.archlinux.org/packages/bpftop https://aur.archlinux.org/packages/bpftop-bin https://aur.archlinux.org/packages/bpftop-git
author: glitsj16 <glitsj16@users.noreply.github.com> 2024-03-14 18:44:37 +0000
committer: GitHub <noreply@github.com> 2024-03-14 18:44:37 +0000
commit: 9d01119c1c84c150ad0d312d2ec7088048f91bb5 (patch)
tree: 5d20d4092568448c90055fb8204b3517d10d65ae
parent: RELNOTES: add feature and build items (diff)
download: firejail-9d01119c1c84c150ad0d312d2ec7088048f91bb5.tar.gz
firejail-9d01119c1c84c150ad0d312d2ec7088048f91bb5.tar.zst
firejail-9d01119c1c84c150ad0d312d2ec7088048f91bb5.zip
2 files changed, 62 insertions, 0 deletions
diff --git a/etc/profile-a-l/bpftop.profile b/etc/profile-a-l/bpftop.profile
new file mode 100644
index 000000000..1bcfce06c
--- /dev/null
+++ b/etc/profile-a-l/bpftop.profile
@@ -0,0 +1,61 @@
+# Firejail profile for bpftop
+# Description: Dynamic real-time view of running eBPF programs
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include bpftop.local
+# Persistent global definitions
+include globals.local
+blacklist /tmp/.X11-unix
+blacklist /usr/libexec
+blacklist ${RUNUSER}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.keep sys_admin
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+noprinters
+#noroot
+nosound
+notv
+nou2f
+novideo
+seccomp.drop socket
+seccomp.block-secondary
+tracelog
+x11 none
+disable-mnt
+private-bin bpftop
+private-cache
+private-dev
+private-etc
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+restrict-namespaces
+read-only ${HOME}
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 78f41e0a6..cf60b8112 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -107,6 +107,7 @@ blobby
 blobwars
 bluefish
 bnox
+bpftop
 brackets
 brasero
 brave
author	glitsj16 <glitsj16@users.noreply.github.com>	2024-03-14 18:44:37 +0000
committer	GitHub <noreply@github.com>	2024-03-14 18:44:37 +0000
commit	9d01119c1c84c150ad0d312d2ec7088048f91bb5 (patch)
tree	5d20d4092568448c90055fb8204b3517d10d65ae
parent	RELNOTES: add feature and build items (diff)
download	firejail-9d01119c1c84c150ad0d312d2ec7088048f91bb5.tar.gz firejail-9d01119c1c84c150ad0d312d2ec7088048f91bb5.tar.zst firejail-9d01119c1c84c150ad0d312d2ec7088048f91bb5.zip

diff --git a/etc/profile-a-l/bpftop.profile b/etc/profile-a-l/bpftop.profile new file mode 100644 index 000000000..1bcfce06c --- /dev/null +++ b/etc/profile-a-l/bpftop.profile
@@ -0,0 +1,61 @@
		1	# Firejail profile for bpftop
		2	# Description: Dynamic real-time view of running eBPF programs
		3	# This file is overwritten after every install/update
		4	quiet
		5	# Persistent local customizations
		6	include bpftop.local
		7	# Persistent global definitions
		8	include globals.local
		9
		10	blacklist /tmp/.X11-unix
		11	blacklist /usr/libexec
		12	blacklist ${RUNUSER}
		13
		14	include disable-common.inc
		15	include disable-devel.inc
		16	include disable-exec.inc
		17	include disable-interpreters.inc
		18	include disable-proc.inc
		19	include disable-programs.inc
		20	include disable-shell.inc
		21	include disable-xdg.inc
		22
		23	include whitelist-common.inc
		24	include whitelist-run-common.inc
		25	include whitelist-runuser-common.inc
		26	include whitelist-usr-share-common.inc
		27	include whitelist-var-common.inc
		28
		29	apparmor
		30	caps.keep sys_admin
		31	ipc-namespace
		32	machine-id
		33	net none
		34	no3d
		35	nodvd
		36	nogroups
		37	noinput
		38	noprinters
		39	#noroot
		40	nosound
		41	notv
		42	nou2f
		43	novideo
		44	seccomp.drop socket
		45	seccomp.block-secondary
		46	tracelog
		47	x11 none
		48
		49	disable-mnt
		50	private-bin bpftop
		51	private-cache
		52	private-dev
		53	private-etc
		54	private-tmp
		55
		56	dbus-user none
		57	dbus-system none
		58
		59	memory-deny-write-execute
		60	restrict-namespaces
		61	read-only ${HOME}


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 78f41e0a6..cf60b8112 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -107,6 +107,7 @@ blobby
107	blobwars	107	blobwars
108	bluefish	108	bluefish
109	bnox	109	bnox
		110	bpftop
110	brackets	111	brackets
111	brasero	112	brasero
112	brave	113	brave