Refactor transmission profiles (#2920)

* Refactor transmission-cli * Create transmission-common.profile * Refactor transmission-create * Refactor transmission-daemon * Refactor transmission-edit * Refactor transmission-gtk * Refactor transmission-qt * Refactor transmission-remote-cli * Refactor transmission-remote-gtk * Refactor transmission-remote * Refactor transmission-show
author: glitsj16 <glitsj16@users.noreply.github.com> 2019-08-21 21:50:32 +0000
committer: GitHub <noreply@github.com> 2019-08-21 21:50:32 +0000
commit: a9b9cbfd98a6539fba30078374800791ed39b301 (patch)
tree: 98ba0d1cb2ea9373d23e3770dd251e9998851463
parent: Fix revert of previous trace fix. The issue was that programs were crashing b... (diff)
download: firejail-a9b9cbfd98a6539fba30078374800791ed39b301.tar.gz
firejail-a9b9cbfd98a6539fba30078374800791ed39b301.tar.zst
firejail-a9b9cbfd98a6539fba30078374800791ed39b301.zip
11 files changed, 110 insertions, 229 deletions
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile
index 60732bcf2..d41b994a3 100644
--- a/etc/transmission-cli.profile
+++ b/etc/transmission-cli.profile
@@ -5,39 +5,11 @@ quiet
 # Persistent local customizations
 include transmission-cli.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
-noblacklist ${HOME}/.cache/transmission
+#private-bin transmission-cli
-noblacklist ${HOME}/.config/transmission
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-apparmor
-caps.drop all
-machine-id
-netfilter
-nodbus
-nodvd
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol inet,inet6
-seccomp
-shell none
-tracelog
-# private-bin transmission-cli
-private-dev
 private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
-private-lib
-private-tmp
-memory-deny-write-execute
+# Redirect
+include transmission-common.profile
diff --git a/etc/transmission-common.profile b/etc/transmission-common.profile
new file mode 100644
index 000000000..e786fa8a3
--- /dev/null
+++ b/etc/transmission-common.profile
@@ -0,0 +1,49 @@
+# Firejail profile for transmission-common
+# Description: Fast, easy and free BitTorrent client
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include transmission-gtk.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.cache/transmission
+noblacklist ${HOME}/.config/transmission
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+mkdir ${HOME}/.cache/transmission
+mkdir ${HOME}/.config/transmission
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/transmission
+whitelist ${HOME}/.config/transmission
+include whitelist-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+machine-id
+netfilter
+nodbus
+nodvd
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+private-dev
+private-lib
+private-tmp
+memory-deny-write-execute
diff --git a/etc/transmission-create.profile b/etc/transmission-create.profile
index 92a4770e2..7c09878bc 100644
--- a/etc/transmission-create.profile
+++ b/etc/transmission-create.profile
@@ -8,5 +8,7 @@ include transmission-create.local
 # added by included profile
 #include globals.local
+private-bin transmission-create
 # Redirect
-include transmission-cli.profile
+include transmission-common.profile
diff --git a/etc/transmission-daemon.profile b/etc/transmission-daemon.profile
index 9a6052ada..1c092ad17 100644
--- a/etc/transmission-daemon.profile
+++ b/etc/transmission-daemon.profile
@@ -5,40 +5,19 @@ quiet
 # Persistent local customizations
 include transmission-daemon.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
-noblacklist ${HOME}/.cache/transmission
+whitelist /var/lib/transmission
-noblacklist ${HOME}/.config/transmission
-include disable-common.inc
+caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-apparmor
+#private-bin transmission-daemon
-caps.drop all
-machine-id
-netfilter
-nodbus
-nodvd
-nogroups
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol inet,inet6
-seccomp
-shell none
-tracelog
-# private-bin transmission-daemon
-private-dev
 private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
-private-lib
-private-tmp
-memory-deny-write-execute
+read-write /var/lib/transmission
+writable-var-log
+writable-run-user
+# Redirect
+include transmission-common.profile
diff --git a/etc/transmission-edit.profile b/etc/transmission-edit.profile
index 6d8a98911..487ea8e51 100644
--- a/etc/transmission-edit.profile
+++ b/etc/transmission-edit.profile
@@ -8,5 +8,7 @@ include transmission-edit.local
 # added by included profile
 #include globals.local
+private-bin transmission-edit
 # Redirect
-include transmission-cli.profile
+include transmission-common.profile
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index 29df63573..a45d672ac 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -1,50 +1,16 @@
 # Firejail profile for transmission-gtk
 # Description: Fast, easy and free BitTorrent client (GTK GUI)
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include transmission-gtk.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
-noblacklist ${HOME}/.cache/transmission
-noblacklist ${HOME}/.config/transmission
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-mkdir ${HOME}/.cache/transmission
-mkdir ${HOME}/.config/transmission
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/transmission
-whitelist ${HOME}/.config/transmission
-include whitelist-common.inc
-include whitelist-var-common.inc
-apparmor
-caps.drop all
-machine-id
-netfilter
-nodbus
-nodvd
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix,inet,inet6
-seccomp
-shell none
-tracelog
 private-bin transmission-gtk
-private-dev
-private-lib
-private-tmp
-# Causes freeze during opening file dialog in Archlinux, see issue #1855
+ignore memory-deny-write-execute
-# memory-deny-write-execute
+# Redirect
+include transmission-common.profile
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index 9fda5245f..f207a7e90 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -1,49 +1,19 @@
 # Firejail profile for transmission-qt
 # Description: Fast, easy and free BitTorrent client (Qt GUI)
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include transmission-qt.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
-noblacklist ${HOME}/.cache/transmission
+private-bin transmission-qt
-noblacklist ${HOME}/.config/transmission
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-mkdir ${HOME}/.cache/transmission
-mkdir ${HOME}/.config/transmission
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/transmission
-whitelist ${HOME}/.config/transmission
-include whitelist-common.inc
-include whitelist-var-common.inc
-apparmor
+# private-lib - breaks on Arch
-caps.drop all
+ignore private-lib
-machine-id
-netfilter
-nodbus
-nodvd
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix,inet,inet6
-seccomp
-shell none
-tracelog
-private-bin transmission-qt
+ignore memory-deny-write-execute
-private-dev
-# private-lib - problems on Arch
-private-tmp
-# memory-deny-write-execute - problems on Qt 5.10.0, KDE Frameworks 5.41.0
+# Redirect
+include transmission-common.profile
diff --git a/etc/transmission-remote-cli.profile b/etc/transmission-remote-cli.profile
index 2e7a31545..6ae6a957c 100644
--- a/etc/transmission-remote-cli.profile
+++ b/etc/transmission-remote-cli.profile
@@ -12,15 +12,8 @@ include transmission-remote-cli.local
 include allow-python2.inc
 include allow-python3.inc
-mkdir ${HOME}/.cache/transmission
+private-bin python*,transmission-remote-cli
-mkdir ${HOME}/.config/transmission
-whitelist ${HOME}/.cache/transmission
-whitelist ${HOME}/.config/transmission
-include whitelist-common.inc
-include whitelist-var-common.inc
-# private-bin python*
 private-etc fonts
 # Redirect
-include transmission-remote.profile
+include transmission-common.profile
diff --git a/etc/transmission-remote-gtk.profile b/etc/transmission-remote-gtk.profile
index 5a57e4887..f0b313aed 100644
--- a/etc/transmission-remote-gtk.profile
+++ b/etc/transmission-remote-gtk.profile
@@ -8,14 +8,16 @@ include transmission-remote-gtk.local
 # added by included profile
 #include globals.local
-mkdir ${HOME}/.cache/transmission
+noblacklist ${HOME}/.config/transmission-remote-gtk
-mkdir ${HOME}/.config/transmission
-whitelist ${HOME}/.cache/transmission
-whitelist ${HOME}/.config/transmission
-include whitelist-common.inc
-include whitelist-var-common.inc
-private-etc fonts
+mkdir ${HOME}/.config/transmission-remote-gtk
+whitelist ${HOME}/.config/transmission-remote-gtk
+private-etc fonts,hostname,hosts,resolv.conf
+# Problems with private-lib (see issue #2889)
+ignore private-lib
+ignore memory-deny-write-execute
 # Redirect
-include transmission-remote.profile
+include transmission-common.profile
diff --git a/etc/transmission-remote.profile b/etc/transmission-remote.profile
index ddeb9adf9..9ef7119d9 100644
--- a/etc/transmission-remote.profile
+++ b/etc/transmission-remote.profile
@@ -5,39 +5,11 @@ quiet
 # Persistent local customizations
 include transmission-remote.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
-noblacklist ${HOME}/.cache/transmission
+private-bin transmission-remote
-noblacklist ${HOME}/.config/transmission
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-apparmor
-caps.drop all
-machine-id
-netfilter
-nodbus
-nodvd
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol inet,inet6
-seccomp
-shell none
-tracelog
-# private-bin transmission-remote
-private-dev
 private-etc alternatives,hosts,nsswitch.conf
-private-lib
-private-tmp
-memory-deny-write-execute
+# Redirect
+include transmission-common.profile
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile
index 779606f04..89051f956 100644
--- a/etc/transmission-show.profile
+++ b/etc/transmission-show.profile
@@ -1,41 +1,15 @@
 # Firejail profile for transmission-show
 # Description: CLI utility to show BitTorrent .torrent file metadata
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include transmission-show.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
-noblacklist ${HOME}/.cache/transmission
+private-bin transmission-show
-noblacklist ${HOME}/.config/transmission
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-apparmor
-caps.drop all
-machine-id
-netfilter
-nodbus
-nodvd
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol inet,inet6
-seccomp
-shell none
-tracelog
-private-dev
 private-etc alternatives,hosts,nsswitch.conf
-private-lib
-private-tmp
-memory-deny-write-execute
+# Redirect
+include transmission-common.profile
author	glitsj16 <glitsj16@users.noreply.github.com>	2019-08-21 21:50:32 +0000
committer	GitHub <noreply@github.com>	2019-08-21 21:50:32 +0000
commit	a9b9cbfd98a6539fba30078374800791ed39b301 (patch)
tree	98ba0d1cb2ea9373d23e3770dd251e9998851463
parent	Fix revert of previous trace fix. The issue was that programs were crashing b... (diff)
download	firejail-a9b9cbfd98a6539fba30078374800791ed39b301.tar.gz firejail-a9b9cbfd98a6539fba30078374800791ed39b301.tar.zst firejail-a9b9cbfd98a6539fba30078374800791ed39b301.zip

diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile index 60732bcf2..d41b994a3 100644 --- a/etc/transmission-cli.profile +++ b/etc/transmission-cli.profile
@@ -5,39 +5,11 @@ quiet
5	# Persistent local customizations	5	# Persistent local customizations
6	include transmission-cli.local	6	include transmission-cli.local
7	# Persistent global definitions	7	# Persistent global definitions
8	include globals.local	8	# added by included profile
		9	#include globals.local
9		10
10	noblacklist ${HOME}/.cache/transmission	11	#private-bin transmission-cli
11	noblacklist ${HOME}/.config/transmission
12
13	include disable-common.inc
14	include disable-devel.inc
15	include disable-exec.inc
16	include disable-interpreters.inc
17	include disable-passwdmgr.inc
18	include disable-programs.inc
19
20	apparmor
21	caps.drop all
22	machine-id
23	netfilter
24	nodbus
25	nodvd
26	nonewprivs
27	noroot
28	nosound
29	notv
30	nou2f
31	novideo
32	protocol inet,inet6
33	seccomp
34	shell none
35	tracelog
36
37	# private-bin transmission-cli
38	private-dev
39	private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl	12	private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
40	private-lib
41	private-tmp
42		13
43	memory-deny-write-execute	14	# Redirect
		15	include transmission-common.profile


diff --git a/etc/transmission-common.profile b/etc/transmission-common.profile new file mode 100644 index 000000000..e786fa8a3 --- /dev/null +++ b/etc/transmission-common.profile
@@ -0,0 +1,49 @@
		1	# Firejail profile for transmission-common
		2	# Description: Fast, easy and free BitTorrent client
		3	# This file is overwritten after every install/update
		4	quiet
		5	# Persistent local customizations
		6	include transmission-gtk.local
		7	# Persistent global definitions
		8	include globals.local
		9
		10	noblacklist ${HOME}/.cache/transmission
		11	noblacklist ${HOME}/.config/transmission
		12
		13	include disable-common.inc
		14	include disable-devel.inc
		15	include disable-exec.inc
		16	include disable-interpreters.inc
		17	include disable-passwdmgr.inc
		18	include disable-programs.inc
		19
		20	mkdir ${HOME}/.cache/transmission
		21	mkdir ${HOME}/.config/transmission
		22	whitelist ${DOWNLOADS}
		23	whitelist ${HOME}/.cache/transmission
		24	whitelist ${HOME}/.config/transmission
		25	include whitelist-common.inc
		26	include whitelist-var-common.inc
		27
		28	apparmor
		29	caps.drop all
		30	machine-id
		31	netfilter
		32	nodbus
		33	nodvd
		34	nonewprivs
		35	noroot
		36	nosound
		37	notv
		38	nou2f
		39	novideo
		40	protocol unix,inet,inet6
		41	seccomp
		42	shell none
		43	tracelog
		44
		45	private-dev
		46	private-lib
		47	private-tmp
		48
		49	memory-deny-write-execute


diff --git a/etc/transmission-create.profile b/etc/transmission-create.profile index 92a4770e2..7c09878bc 100644 --- a/etc/transmission-create.profile +++ b/etc/transmission-create.profile
@@ -8,5 +8,7 @@ include transmission-create.local
8	# added by included profile	8	# added by included profile
9	#include globals.local	9	#include globals.local
10		10
		11	private-bin transmission-create
		12
11	# Redirect	13	# Redirect
12	include transmission-cli.profile	14	include transmission-common.profile


diff --git a/etc/transmission-daemon.profile b/etc/transmission-daemon.profile index 9a6052ada..1c092ad17 100644 --- a/etc/transmission-daemon.profile +++ b/etc/transmission-daemon.profile
@@ -5,40 +5,19 @@ quiet
5	# Persistent local customizations	5	# Persistent local customizations
6	include transmission-daemon.local	6	include transmission-daemon.local
7	# Persistent global definitions	7	# Persistent global definitions
8	include globals.local	8	# added by included profile
		9	#include globals.local
9		10
10	noblacklist ${HOME}/.cache/transmission	11	whitelist /var/lib/transmission
11	noblacklist ${HOME}/.config/transmission
12		12
13	include disable-common.inc	13	caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
14	include disable-devel.inc
15	include disable-exec.inc
16	include disable-interpreters.inc
17	include disable-passwdmgr.inc
18	include disable-programs.inc
19		14
20	apparmor	15	#private-bin transmission-daemon
21	caps.drop all
22	machine-id
23	netfilter
24	nodbus
25	nodvd
26	nogroups
27	nonewprivs
28	noroot
29	nosound
30	notv
31	nou2f
32	novideo
33	protocol inet,inet6
34	seccomp
35	shell none
36	tracelog
37
38	# private-bin transmission-daemon
39	private-dev
40	private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl	16	private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
41	private-lib
42	private-tmp
43		17
44	memory-deny-write-execute	18	read-write /var/lib/transmission
		19	writable-var-log
		20	writable-run-user
		21
		22	# Redirect
		23	include transmission-common.profile


diff --git a/etc/transmission-edit.profile b/etc/transmission-edit.profile index 6d8a98911..487ea8e51 100644 --- a/etc/transmission-edit.profile +++ b/etc/transmission-edit.profile
@@ -8,5 +8,7 @@ include transmission-edit.local
8	# added by included profile	8	# added by included profile
9	#include globals.local	9	#include globals.local
10		10
		11	private-bin transmission-edit
		12
11	# Redirect	13	# Redirect
12	include transmission-cli.profile	14	include transmission-common.profile


diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index 29df63573..a45d672ac 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile
@@ -1,50 +1,16 @@
1	# Firejail profile for transmission-gtk	1	# Firejail profile for transmission-gtk
2	# Description: Fast, easy and free BitTorrent client (GTK GUI)	2	# Description: Fast, easy and free BitTorrent client (GTK GUI)
3	# This file is overwritten after every install/update	3	# This file is overwritten after every install/update
		4	quiet
4	# Persistent local customizations	5	# Persistent local customizations
5	include transmission-gtk.local	6	include transmission-gtk.local
6	# Persistent global definitions	7	# Persistent global definitions
7	include globals.local	8	# added by included profile
8		9	#include globals.local
9	noblacklist ${HOME}/.cache/transmission
10	noblacklist ${HOME}/.config/transmission
11
12	include disable-common.inc
13	include disable-devel.inc
14	include disable-exec.inc
15	include disable-interpreters.inc
16	include disable-passwdmgr.inc
17	include disable-programs.inc
18
19	mkdir ${HOME}/.cache/transmission
20	mkdir ${HOME}/.config/transmission
21	whitelist ${DOWNLOADS}
22	whitelist ${HOME}/.cache/transmission
23	whitelist ${HOME}/.config/transmission
24	include whitelist-common.inc
25	include whitelist-var-common.inc
26
27	apparmor
28	caps.drop all
29	machine-id
30	netfilter
31	nodbus
32	nodvd
33	nonewprivs
34	noroot
35	nosound
36	notv
37	nou2f
38	novideo
39	protocol unix,inet,inet6
40	seccomp
41	shell none
42	tracelog
43		10
44	private-bin transmission-gtk	11	private-bin transmission-gtk
45	private-dev
46	private-lib
47	private-tmp
48		12
49	# Causes freeze during opening file dialog in Archlinux, see issue #1855	13	ignore memory-deny-write-execute
50	# memory-deny-write-execute	14
		15	# Redirect
		16	include transmission-common.profile


diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 9fda5245f..f207a7e90 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile
@@ -1,49 +1,19 @@
1	# Firejail profile for transmission-qt	1	# Firejail profile for transmission-qt
2	# Description: Fast, easy and free BitTorrent client (Qt GUI)	2	# Description: Fast, easy and free BitTorrent client (Qt GUI)
3	# This file is overwritten after every install/update	3	# This file is overwritten after every install/update
		4	quiet
4	# Persistent local customizations	5	# Persistent local customizations
5	include transmission-qt.local	6	include transmission-qt.local
6	# Persistent global definitions	7	# Persistent global definitions
7	include globals.local	8	# added by included profile
		9	#include globals.local
8		10
9	noblacklist ${HOME}/.cache/transmission	11	private-bin transmission-qt
10	noblacklist ${HOME}/.config/transmission
11
12	include disable-common.inc
13	include disable-devel.inc
14	include disable-exec.inc
15	include disable-interpreters.inc
16	include disable-passwdmgr.inc
17	include disable-programs.inc
18
19	mkdir ${HOME}/.cache/transmission
20	mkdir ${HOME}/.config/transmission
21	whitelist ${DOWNLOADS}
22	whitelist ${HOME}/.cache/transmission
23	whitelist ${HOME}/.config/transmission
24	include whitelist-common.inc
25	include whitelist-var-common.inc
26		12
27	apparmor	13	# private-lib - breaks on Arch
28	caps.drop all	14	ignore private-lib
29	machine-id
30	netfilter
31	nodbus
32	nodvd
33	nonewprivs
34	noroot
35	nosound
36	notv
37	nou2f
38	novideo
39	protocol unix,inet,inet6
40	seccomp
41	shell none
42	tracelog
43		15
44	private-bin transmission-qt	16	ignore memory-deny-write-execute
45	private-dev
46	# private-lib - problems on Arch
47	private-tmp
48		17
49	# memory-deny-write-execute - problems on Qt 5.10.0, KDE Frameworks 5.41.0	18	# Redirect
		19	include transmission-common.profile


diff --git a/etc/transmission-remote-cli.profile b/etc/transmission-remote-cli.profile index 2e7a31545..6ae6a957c 100644 --- a/etc/transmission-remote-cli.profile +++ b/etc/transmission-remote-cli.profile
@@ -12,15 +12,8 @@ include transmission-remote-cli.local
12	include allow-python2.inc	12	include allow-python2.inc
13	include allow-python3.inc	13	include allow-python3.inc
14		14
15	mkdir ${HOME}/.cache/transmission	15	private-bin python*,transmission-remote-cli
16	mkdir ${HOME}/.config/transmission
17	whitelist ${HOME}/.cache/transmission
18	whitelist ${HOME}/.config/transmission
19	include whitelist-common.inc
20	include whitelist-var-common.inc
21
22	# private-bin python*
23	private-etc fonts	16	private-etc fonts
24		17
25	# Redirect	18	# Redirect
26	include transmission-remote.profile	19	include transmission-common.profile


diff --git a/etc/transmission-remote-gtk.profile b/etc/transmission-remote-gtk.profile index 5a57e4887..f0b313aed 100644 --- a/etc/transmission-remote-gtk.profile +++ b/etc/transmission-remote-gtk.profile
@@ -8,14 +8,16 @@ include transmission-remote-gtk.local
8	# added by included profile	8	# added by included profile
9	#include globals.local	9	#include globals.local
10		10
11	mkdir ${HOME}/.cache/transmission	11	noblacklist ${HOME}/.config/transmission-remote-gtk
12	mkdir ${HOME}/.config/transmission
13	whitelist ${HOME}/.cache/transmission
14	whitelist ${HOME}/.config/transmission
15	include whitelist-common.inc
16	include whitelist-var-common.inc
17		12
18	private-etc fonts	13	mkdir ${HOME}/.config/transmission-remote-gtk
		14	whitelist ${HOME}/.config/transmission-remote-gtk
		15
		16	private-etc fonts,hostname,hosts,resolv.conf
		17	# Problems with private-lib (see issue #2889)
		18	ignore private-lib
		19
		20	ignore memory-deny-write-execute
19		21
20	# Redirect	22	# Redirect
21	include transmission-remote.profile	23	include transmission-common.profile


diff --git a/etc/transmission-remote.profile b/etc/transmission-remote.profile index ddeb9adf9..9ef7119d9 100644 --- a/etc/transmission-remote.profile +++ b/etc/transmission-remote.profile
@@ -5,39 +5,11 @@ quiet
5	# Persistent local customizations	5	# Persistent local customizations
6	include transmission-remote.local	6	include transmission-remote.local
7	# Persistent global definitions	7	# Persistent global definitions
8	include globals.local	8	# added by included profile
		9	#include globals.local
9		10
10	noblacklist ${HOME}/.cache/transmission	11	private-bin transmission-remote
11	noblacklist ${HOME}/.config/transmission
12
13	include disable-common.inc
14	include disable-devel.inc
15	include disable-exec.inc
16	include disable-interpreters.inc
17	include disable-passwdmgr.inc
18	include disable-programs.inc
19
20	apparmor
21	caps.drop all
22	machine-id
23	netfilter
24	nodbus
25	nodvd
26	nonewprivs
27	noroot
28	nosound
29	notv
30	nou2f
31	novideo
32	protocol inet,inet6
33	seccomp
34	shell none
35	tracelog
36
37	# private-bin transmission-remote
38	private-dev
39	private-etc alternatives,hosts,nsswitch.conf	12	private-etc alternatives,hosts,nsswitch.conf
40	private-lib
41	private-tmp
42		13
43	memory-deny-write-execute	14	# Redirect
		15	include transmission-common.profile


diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index 779606f04..89051f956 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile
@@ -1,41 +1,15 @@
1	# Firejail profile for transmission-show	1	# Firejail profile for transmission-show
2	# Description: CLI utility to show BitTorrent .torrent file metadata	2	# Description: CLI utility to show BitTorrent .torrent file metadata
3	# This file is overwritten after every install/update	3	# This file is overwritten after every install/update
		4	quiet
4	# Persistent local customizations	5	# Persistent local customizations
5	include transmission-show.local	6	include transmission-show.local
6	# Persistent global definitions	7	# Persistent global definitions
7	include globals.local	8	# added by included profile
		9	#include globals.local
8		10
9	noblacklist ${HOME}/.cache/transmission	11	private-bin transmission-show
10	noblacklist ${HOME}/.config/transmission
11
12	include disable-common.inc
13	include disable-devel.inc
14	include disable-exec.inc
15	include disable-interpreters.inc
16	include disable-passwdmgr.inc
17	include disable-programs.inc
18
19	apparmor
20	caps.drop all
21	machine-id
22	netfilter
23	nodbus
24	nodvd
25	nonewprivs
26	noroot
27	nosound
28	notv
29	nou2f
30	novideo
31	protocol inet,inet6
32	seccomp
33	shell none
34	tracelog
35
36	private-dev
37	private-etc alternatives,hosts,nsswitch.conf	12	private-etc alternatives,hosts,nsswitch.conf
38	private-lib
39	private-tmp
40		13
41	memory-deny-write-execute	14	# Redirect
		15	include transmission-common.profile