New profile: statusof.profile (#6253)

Description: Python script to check the status of a list of URLs. https://github.com/Arthurdw/statusof
author: glitsj16 <glitsj16@users.noreply.github.com> 2024-03-14 18:48:02 +0000
committer: GitHub <noreply@github.com> 2024-03-14 18:48:02 +0000
commit: a97d53383f89bf88053e7dd3eeaf1a20d94c23fb (patch)
tree: 6d526b6e8a00e14037c48f540dfe85a543b5c3d6
parent: New profile: lyriek.profile (#6245) (diff)
download: firejail-a97d53383f89bf88053e7dd3eeaf1a20d94c23fb.tar.gz
firejail-a97d53383f89bf88053e7dd3eeaf1a20d94c23fb.tar.zst
firejail-a97d53383f89bf88053e7dd3eeaf1a20d94c23fb.zip
2 files changed, 69 insertions, 0 deletions
diff --git a/etc/profile-m-z/statusof.profile b/etc/profile-m-z/statusof.profile
new file mode 100644
index 000000000..7463b90f5
--- /dev/null
+++ b/etc/profile-m-z/statusof.profile
@@ -0,0 +1,68 @@
+# Firejail profile for statusof
+# Description: Small python script to check the status of a list of urls
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include statusof.local
+# Persistent global definitions
+include globals.local
+blacklist /tmp/.X11-unix
+blacklist /usr/libexec
+blacklist ${RUNUSER}
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noprinters
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet
+seccomp
+seccomp.block-secondary
+tracelog
+x11 none
+disable-mnt
+private
+private-bin python*,statusof
+private-cache
+private-dev
+private-etc @network,@tls-ca,httpd
+private-lib engines*,libcrypto.so.*,libssl.so.*,libz.so.*,python*
+private-tmp
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+read-only ${HOME}
+restrict-namespaces
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 916ff3ba5..9b949cf90 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -812,6 +812,7 @@ ssh
 #ssh-agent # problems on Arch with Fish shell (#1568)
 standardnotes-desktop
 start-tor-browser
+statusof
 steam
 steam-native
 steam-runtime
author	glitsj16 <glitsj16@users.noreply.github.com>	2024-03-14 18:48:02 +0000
committer	GitHub <noreply@github.com>	2024-03-14 18:48:02 +0000
commit	a97d53383f89bf88053e7dd3eeaf1a20d94c23fb (patch)
tree	6d526b6e8a00e14037c48f540dfe85a543b5c3d6
parent	New profile: lyriek.profile (#6245) (diff)
download	firejail-a97d53383f89bf88053e7dd3eeaf1a20d94c23fb.tar.gz firejail-a97d53383f89bf88053e7dd3eeaf1a20d94c23fb.tar.zst firejail-a97d53383f89bf88053e7dd3eeaf1a20d94c23fb.zip

diff --git a/etc/profile-m-z/statusof.profile b/etc/profile-m-z/statusof.profile new file mode 100644 index 000000000..7463b90f5 --- /dev/null +++ b/etc/profile-m-z/statusof.profile
@@ -0,0 +1,68 @@
		1	# Firejail profile for statusof
		2	# Description: Small python script to check the status of a list of urls
		3	# This file is overwritten after every install/update
		4	quiet
		5	# Persistent local customizations
		6	include statusof.local
		7	# Persistent global definitions
		8	include globals.local
		9
		10	blacklist /tmp/.X11-unix
		11	blacklist /usr/libexec
		12	blacklist ${RUNUSER}
		13
		14	# Allow python (blacklisted by disable-interpreters.inc)
		15	include allow-python3.inc
		16
		17	include disable-common.inc
		18	include disable-devel.inc
		19	include disable-exec.inc
		20	include disable-interpreters.inc
		21	include disable-proc.inc
		22	include disable-programs.inc
		23	include disable-shell.inc
		24	include disable-xdg.inc
		25
		26	include whitelist-common.inc
		27	include whitelist-run-common.inc
		28	include whitelist-runuser-common.inc
		29	include whitelist-usr-share-common.inc
		30	include whitelist-var-common.inc
		31
		32	apparmor
		33	caps.drop all
		34	ipc-namespace
		35	machine-id
		36	netfilter
		37	no3d
		38	nodvd
		39	nogroups
		40	noinput
		41	nonewprivs
		42	noprinters
		43	noroot
		44	nosound
		45	notv
		46	nou2f
		47	novideo
		48	protocol inet
		49	seccomp
		50	seccomp.block-secondary
		51	tracelog
		52	x11 none
		53
		54	disable-mnt
		55	private
		56	private-bin python*,statusof
		57	private-cache
		58	private-dev
		59	private-etc @network,@tls-ca,httpd
		60	private-lib engines,libcrypto.so.,libssl.so.,libz.so.,python*
		61	private-tmp
		62
		63	dbus-user none
		64	dbus-system none
		65
		66	memory-deny-write-execute
		67	read-only ${HOME}
		68	restrict-namespaces


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 916ff3ba5..9b949cf90 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -812,6 +812,7 @@ ssh
812	#ssh-agent # problems on Arch with Fish shell (#1568)	812	#ssh-agent # problems on Arch with Fish shell (#1568)
813	standardnotes-desktop	813	standardnotes-desktop
814	start-tor-browser	814	start-tor-browser
		815	statusof
815	steam	816	steam
816	steam-native	817	steam-native
817	steam-runtime	818	steam-runtime