profiles: add i2p

author: core_contingency <ccontingency@gmail.com> 2019-08-20 17:57:32 -0700
committer: core_contingency <ccontingency@gmail.com> 2019-08-21 15:11:03 -0700
commit: 7b968332937ca451016262947463924f847a159b (patch)
tree: d3050957dddbac6ccf75f5e7a5f5a20bfe3e7423 /etc/i2prouter.profile
parent: Refactor transmission profiles (#2920) (diff)
download: firejail-7b968332937ca451016262947463924f847a159b.tar.gz
firejail-7b968332937ca451016262947463924f847a159b.tar.zst
firejail-7b968332937ca451016262947463924f847a159b.zip
1 files changed, 64 insertions, 0 deletions
diff --git a/etc/i2prouter.profile b/etc/i2prouter.profile
new file mode 100644
index 000000000..7f9a60237
--- /dev/null
+++ b/etc/i2prouter.profile
@@ -0,0 +1,64 @@
+# Firejail profile for I2P
+# Description: A distributed anonymous network
+# This file is overwritten after every install/update
+# Persistent local customizations
+include i2prouter.local
+# Persistent global definitions
+include globals.local
+# Notice: default browser will not be able to automatically open, due to sandbox.
+# Auto-opening default browser can be disabled in the I2P router console.
+# This profile will not currently work with any Arch User Repository i2p packages,
+# use the distro-independent official java installer instead
+# Only needed if i2prouter binary is not in home directory, ubuntu official ppa package does this
+ignore noexec ${HOME}
+noblacklist ${HOME}/.config/i2p
+noblacklist ${HOME}/.i2p
+noblacklist ${HOME}/.local/share/i2p
+noblacklist ${HOME}/i2p
+# Only needed if wrapper is placed in /usr/sbin/, ubuntu official ppa package does this
+noblacklist /usr/sbin
+# Allow java (blacklisted by disable-devel.inc)
+include allow-java.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+whitelist ${HOME}/.config/I2P
+whitelist ${HOME}/.i2p
+whitelist ${HOME}/.local/share/I2P
+whitelist ${HOME}/i2p
+# Only needed if wrapper is placed in /usr/sbin/, ubuntu official ppa package does this
+whitelist /usr/sbin/wrapper*
+# May break I2P if wrapper is placed in the home directory
+# If using ubuntu official ppa, this should be fine to uncomment, as it puts wrapper in /usr/sbin/
+#apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp.drop @default-nodebuggers
+shell none
+disable-mnt
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,pki,ssl,java-8-openjdk,i2p
+private-tmp
author	core_contingency <ccontingency@gmail.com>	2019-08-20 17:57:32 -0700
committer	core_contingency <ccontingency@gmail.com>	2019-08-21 15:11:03 -0700
commit	7b968332937ca451016262947463924f847a159b (patch)
tree	d3050957dddbac6ccf75f5e7a5f5a20bfe3e7423 /etc/i2prouter.profile
parent	Refactor transmission profiles (#2920) (diff)
download	firejail-7b968332937ca451016262947463924f847a159b.tar.gz firejail-7b968332937ca451016262947463924f847a159b.tar.zst firejail-7b968332937ca451016262947463924f847a159b.zip

diff --git a/etc/i2prouter.profile b/etc/i2prouter.profile new file mode 100644 index 000000000..7f9a60237 --- /dev/null +++ b/etc/i2prouter.profile
@@ -0,0 +1,64 @@
	1	# Firejail profile for I2P
	2	# Description: A distributed anonymous network
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include i2prouter.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	# Notice: default browser will not be able to automatically open, due to sandbox.
	10	# Auto-opening default browser can be disabled in the I2P router console.
	11	# This profile will not currently work with any Arch User Repository i2p packages,
	12	# use the distro-independent official java installer instead
	13
	14	# Only needed if i2prouter binary is not in home directory, ubuntu official ppa package does this
	15	ignore noexec ${HOME}
	16
	17	noblacklist ${HOME}/.config/i2p
	18	noblacklist ${HOME}/.i2p
	19	noblacklist ${HOME}/.local/share/i2p
	20	noblacklist ${HOME}/i2p
	21	# Only needed if wrapper is placed in /usr/sbin/, ubuntu official ppa package does this
	22	noblacklist /usr/sbin
	23
	24	# Allow java (blacklisted by disable-devel.inc)
	25	include allow-java.inc
	26	include disable-common.inc
	27	include disable-devel.inc
	28	include disable-exec.inc
	29	include disable-interpreters.inc
	30	include disable-passwdmgr.inc
	31	include disable-programs.inc
	32	include disable-xdg.inc
	33
	34	whitelist ${HOME}/.config/I2P
	35	whitelist ${HOME}/.i2p
	36	whitelist ${HOME}/.local/share/I2P
	37	whitelist ${HOME}/i2p
	38	# Only needed if wrapper is placed in /usr/sbin/, ubuntu official ppa package does this
	39	whitelist /usr/sbin/wrapper*
	40
	41	# May break I2P if wrapper is placed in the home directory
	42	# If using ubuntu official ppa, this should be fine to uncomment, as it puts wrapper in /usr/sbin/
	43	#apparmor
	44	caps.drop all
	45	ipc-namespace
	46	machine-id
	47	netfilter
	48	no3d
	49	nodvd
	50	nogroups
	51	nonewprivs
	52	nosound
	53	notv
	54	nou2f
	55	novideo
	56	protocol unix,inet,inet6
	57	seccomp.drop @default-nodebuggers
	58	shell none
	59
	60	disable-mnt
	61	private-cache
	62	private-dev
	63	private-etc alternatives,ca-certificates,crypto-policies,pki,ssl,java-8-openjdk,i2p
	64	private-tmp