Create rsync.profile

author: rusty-snake <print_hello_world+Public@protonmail.com> 2019-07-25 14:11:08 +0200
committer: rusty-snake <print_hello_world+Public@protonmail.com> 2019-07-25 14:11:08 +0200
commit: bdbb57747add56701de85d87b28491b8b82814f6 (patch)
tree: f640a7534597bf2f2abfe6497719465e36c3ee58
parent: fix file-roller.profile (diff)
download: firejail-bdbb57747add56701de85d87b28491b8b82814f6.tar.gz
firejail-bdbb57747add56701de85d87b28491b8b82814f6.tar.zst
firejail-bdbb57747add56701de85d87b28491b8b82814f6.zip
1 files changed, 54 insertions, 0 deletions
diff --git a/etc/rsync.profile b/etc/rsync.profile
new file mode 100644
index 000000000..53dcc6677
--- /dev/null
+++ b/etc/rsync.profile
@@ -0,0 +1,54 @@
+# Firejail profile for rsync
+# Description: a fast, versatile, remote (and local) file-copying tool
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include rsync.local
+# Persistent global definitions
+include globals.local
+# This profile is focused on using rsync as an client for downlaoding, it is not writen for using rsync
+#  - as an daemon (rsync --daemon)
+#  - creating backup of $HOME or a full system
+blacklist /tmp/.X11-unix
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+# Uncomment or add to rsync.local to enable extra hardening
+#whitelist ${DOWNLOADS}
+include whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-bin rsync
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
+private-tmp
+memory-deny-write-execute
author	rusty-snake <print_hello_world+Public@protonmail.com>	2019-07-25 14:11:08 +0200
committer	rusty-snake <print_hello_world+Public@protonmail.com>	2019-07-25 14:11:08 +0200
commit	bdbb57747add56701de85d87b28491b8b82814f6 (patch)
tree	f640a7534597bf2f2abfe6497719465e36c3ee58
parent	fix file-roller.profile (diff)
download	firejail-bdbb57747add56701de85d87b28491b8b82814f6.tar.gz firejail-bdbb57747add56701de85d87b28491b8b82814f6.tar.zst firejail-bdbb57747add56701de85d87b28491b8b82814f6.zip

diff --git a/etc/rsync.profile b/etc/rsync.profile new file mode 100644 index 000000000..53dcc6677 --- /dev/null +++ b/etc/rsync.profile
@@ -0,0 +1,54 @@
	1	# Firejail profile for rsync
	2	# Description: a fast, versatile, remote (and local) file-copying tool
	3	# This file is overwritten after every install/update
	4	quiet
	5	# Persistent local customizations
	6	include rsync.local
	7	# Persistent global definitions
	8	include globals.local
	9
	10	# This profile is focused on using rsync as an client for downlaoding, it is not writen for using rsync
	11	# - as an daemon (rsync --daemon)
	12	# - creating backup of $HOME or a full system
	13
	14	blacklist /tmp/.X11-unix
	15
	16	include disable-common.inc
	17	include disable-devel.inc
	18	include disable-exec.inc
	19	include disable-interpreters.inc
	20	include disable-passwdmgr.inc
	21	include disable-programs.inc
	22	include disable-xdg.inc
	23
	24	# Uncomment or add to rsync.local to enable extra hardening
	25	#whitelist ${DOWNLOADS}
	26	include whitelist-var-common.inc
	27
	28	caps.drop all
	29	ipc-namespace
	30	machine-id
	31	netfilter
	32	no3d
	33	nodbus
	34	nodvd
	35	nogroups
	36	nonewprivs
	37	noroot
	38	nosound
	39	notv
	40	nou2f
	41	novideo
	42	protocol unix,inet,inet6
	43	seccomp
	44	shell none
	45	tracelog
	46
	47	disable-mnt
	48	private-bin rsync
	49	private-cache
	50	private-dev
	51	private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
	52	private-tmp
	53
	54	memory-deny-write-execute