Add a profile for clamdscan, clamdtop, and freshclam

author: Tad <tad@spotco.us> 2017-09-18 14:27:58 -0400
committer: Tad <tad@spotco.us> 2017-09-18 14:27:58 -0400
commit: ae5948cb84bd1327ab9f6f0577fd75bfe9a74787 (patch)
tree: ee6f8a1bd5659453c8ecf24036adaef8f11bee3b
parent: Add a profile for ClamAV's clamscan (diff)
download: firejail-ae5948cb84bd1327ab9f6f0577fd75bfe9a74787.tar.gz
firejail-ae5948cb84bd1327ab9f6f0577fd75bfe9a74787.tar.zst
firejail-ae5948cb84bd1327ab9f6f0577fd75bfe9a74787.zip
6 files changed, 84 insertions, 29 deletions
diff --git a/etc/clamav.profile b/etc/clamav.profile
new file mode 100644
index 000000000..a5aacc1d5
--- /dev/null
+++ b/etc/clamav.profile
@@ -0,0 +1,32 @@
+# Firejail profile for clamav
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/clamav.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+x11 none
+private-dev
+read-only ${HOME}
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/clamdscan.profile b/etc/clamdscan.profile
new file mode 100644
index 000000000..1fc728206
--- /dev/null
+++ b/etc/clamdscan.profile
@@ -0,0 +1,6 @@
+# Firejail profile alias for clamav
+# This file is overwritten after every install/update
+# Redirect
+include /etc/firejail/clamav.profile
diff --git a/etc/clamdtop.profile b/etc/clamdtop.profile
new file mode 100644
index 000000000..1fc728206
--- /dev/null
+++ b/etc/clamdtop.profile
@@ -0,0 +1,6 @@
+# Firejail profile alias for clamav
+# This file is overwritten after every install/update
+# Redirect
+include /etc/firejail/clamav.profile
diff --git a/etc/clamscan.profile b/etc/clamscan.profile
index 2fd10171f..1fc728206 100644
--- a/etc/clamscan.profile
+++ b/etc/clamscan.profile
@@ -1,32 +1,6 @@
-# Firejail profile for clamscan
+# Firejail profile alias for clamav
 # This file is overwritten after every install/update
-quiet
-# Persistent local customizations
-include /etc/firejail/clamscan.local
-# Persistent global definitions
-include /etc/firejail/globals.local
-caps.drop all
+# Redirect
-ipc-namespace
+include /etc/firejail/clamav.profile
-net none
-no3d
-nodvd
-nogroups
-nonewprivs
-noroot
-nosound
-notv
-novideo
-protocol unix
-seccomp
-shell none
-tracelog
-x11 none
-private-dev
-read-only ${HOME}
-memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
diff --git a/etc/freshclam.profile b/etc/freshclam.profile
new file mode 100644
index 000000000..08eac5595
--- /dev/null
+++ b/etc/freshclam.profile
@@ -0,0 +1,34 @@
+# Firejail profile for freshclam
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/clamav.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+caps.keep setgid,setuid
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private
+private-dev
+private-tmp
+writable-var
+writable-var-log
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index e623a1aa2..600743a41 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -41,6 +41,8 @@ catfish
 cherrytree
 chromium
 chromium-browser
+clamdscan
+clamdtop
 clamscan
 claws-mail
 clementine
@@ -86,6 +88,7 @@ flashpeak-slimjet
 flowblade
 fontforge
 franz
+freshclam
 frozen-bubble
 gajim
 galculator
author	Tad <tad@spotco.us>	2017-09-18 14:27:58 -0400
committer	Tad <tad@spotco.us>	2017-09-18 14:27:58 -0400
commit	ae5948cb84bd1327ab9f6f0577fd75bfe9a74787 (patch)
tree	ee6f8a1bd5659453c8ecf24036adaef8f11bee3b
parent	Add a profile for ClamAV's clamscan (diff)
download	firejail-ae5948cb84bd1327ab9f6f0577fd75bfe9a74787.tar.gz firejail-ae5948cb84bd1327ab9f6f0577fd75bfe9a74787.tar.zst firejail-ae5948cb84bd1327ab9f6f0577fd75bfe9a74787.zip

diff --git a/etc/clamav.profile b/etc/clamav.profile new file mode 100644 index 000000000..a5aacc1d5 --- /dev/null +++ b/etc/clamav.profile
@@ -0,0 +1,32 @@
		1	# Firejail profile for clamav
		2	# This file is overwritten after every install/update
		3	quiet
		4	# Persistent local customizations
		5	include /etc/firejail/clamav.local
		6	# Persistent global definitions
		7	include /etc/firejail/globals.local
		8
		9
		10	caps.drop all
		11	ipc-namespace
		12	net none
		13	no3d
		14	nodvd
		15	nogroups
		16	nonewprivs
		17	noroot
		18	nosound
		19	notv
		20	novideo
		21	protocol unix
		22	seccomp
		23	shell none
		24	tracelog
		25	x11 none
		26
		27	private-dev
		28	read-only ${HOME}
		29
		30	memory-deny-write-execute
		31	noexec ${HOME}
		32	noexec /tmp


diff --git a/etc/clamdscan.profile b/etc/clamdscan.profile new file mode 100644 index 000000000..1fc728206 --- /dev/null +++ b/etc/clamdscan.profile
@@ -0,0 +1,6 @@
		1	# Firejail profile alias for clamav
		2	# This file is overwritten after every install/update
		3
		4
		5	# Redirect
		6	include /etc/firejail/clamav.profile


diff --git a/etc/clamdtop.profile b/etc/clamdtop.profile new file mode 100644 index 000000000..1fc728206 --- /dev/null +++ b/etc/clamdtop.profile
@@ -0,0 +1,6 @@
		1	# Firejail profile alias for clamav
		2	# This file is overwritten after every install/update
		3
		4
		5	# Redirect
		6	include /etc/firejail/clamav.profile


diff --git a/etc/clamscan.profile b/etc/clamscan.profile index 2fd10171f..1fc728206 100644 --- a/etc/clamscan.profile +++ b/etc/clamscan.profile
@@ -1,32 +1,6 @@
1	# Firejail profile for clamscan	1	# Firejail profile alias for clamav
2	# This file is overwritten after every install/update	2	# This file is overwritten after every install/update
3	quiet
4	# Persistent local customizations
5	include /etc/firejail/clamscan.local
6	# Persistent global definitions
7	include /etc/firejail/globals.local
8		3
9		4
10	caps.drop all	5	# Redirect
11	ipc-namespace	6	include /etc/firejail/clamav.profile
12	net none
13	no3d
14	nodvd
15	nogroups
16	nonewprivs
17	noroot
18	nosound
19	notv
20	novideo
21	protocol unix
22	seccomp
23	shell none
24	tracelog
25	x11 none
26
27	private-dev
28	read-only ${HOME}
29
30	memory-deny-write-execute
31	noexec ${HOME}
32	noexec /tmp


diff --git a/etc/freshclam.profile b/etc/freshclam.profile new file mode 100644 index 000000000..08eac5595 --- /dev/null +++ b/etc/freshclam.profile
@@ -0,0 +1,34 @@
		1	# Firejail profile for freshclam
		2	# This file is overwritten after every install/update
		3	quiet
		4	# Persistent local customizations
		5	include /etc/firejail/clamav.local
		6	# Persistent global definitions
		7	include /etc/firejail/globals.local
		8
		9
		10	caps.keep setgid,setuid
		11	ipc-namespace
		12	netfilter
		13	no3d
		14	nodvd
		15	nogroups
		16	nonewprivs
		17	nosound
		18	notv
		19	novideo
		20	protocol unix,inet,inet6
		21	seccomp
		22	shell none
		23	tracelog
		24
		25	disable-mnt
		26	private
		27	private-dev
		28	private-tmp
		29	writable-var
		30	writable-var-log
		31
		32	memory-deny-write-execute
		33	noexec ${HOME}
		34	noexec /tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index e623a1aa2..600743a41 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -41,6 +41,8 @@ catfish
41	cherrytree	41	cherrytree
42	chromium	42	chromium
43	chromium-browser	43	chromium-browser
		44	clamdscan
		45	clamdtop
44	clamscan	46	clamscan
45	claws-mail	47	claws-mail
46	clementine	48	clementine
@@ -86,6 +88,7 @@ flashpeak-slimjet
86	flowblade	88	flowblade
87	fontforge	89	fontforge
88	franz	90	franz
		91	freshclam
89	frozen-bubble	92	frozen-bubble
90	gajim	93	gajim
91	galculator	94	galculator