new profile: gdu (#5289)

* add gdu to 'new profiles' section * Create gdu.profile * add gdu to firecfg * harden gdu sandbox * fix protocol * simulate empty protocol in gdu * more user-friendly gdu sandboxing
author: glitsj16 <glitsj16@users.noreply.github.com> 2022-08-09 21:11:18 +0000
committer: GitHub <noreply@github.com> 2022-08-09 21:11:18 +0000
commit: b18120cc2e8f4762a18361d67834f912289558ac (patch)
tree: f65f558627d56935c8fe006c503ace2202074601 /etc/profile-a-l/gdu.profile
parent: build(deps): bump github/codeql-action from 2.1.17 to 2.1.18 (diff)
download: firejail-b18120cc2e8f4762a18361d67834f912289558ac.tar.gz
firejail-b18120cc2e8f4762a18361d67834f912289558ac.tar.zst
firejail-b18120cc2e8f4762a18361d67834f912289558ac.zip
1 files changed, 46 insertions, 0 deletions
diff --git a/etc/profile-a-l/gdu.profile b/etc/profile-a-l/gdu.profile
new file mode 100644
index 000000000..783183bea
--- /dev/null
+++ b/etc/profile-a-l/gdu.profile
@@ -0,0 +1,46 @@
+# Firejail profile for gdu
+# Description: Fast disk usage analyzer with console interface
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include gdu.local
+# Persistent global definitions
+include globals.local
+blacklist ${RUNUSER}/wayland-*
+include disable-exec.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+# block the socket syscall to simulate an be empty protocol line, see #639
+seccomp socket
+seccomp.block-secondary
+x11 none
+private-dev
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+# gdu has built-in delete (d), empty (e) dir/file support and shell spawning (b) features.
+# Depending on workflow and use case the sandbox can be hardened by adding the
+# lines below to your gdu.local if you don't need/want these functionalities.
+#include disable-shell.inc
+#private-bin gdu
+#read-only ${HOME}
author	glitsj16 <glitsj16@users.noreply.github.com>	2022-08-09 21:11:18 +0000
committer	GitHub <noreply@github.com>	2022-08-09 21:11:18 +0000
commit	b18120cc2e8f4762a18361d67834f912289558ac (patch)
tree	f65f558627d56935c8fe006c503ace2202074601 /etc/profile-a-l/gdu.profile
parent	build(deps): bump github/codeql-action from 2.1.17 to 2.1.18 (diff)
download	firejail-b18120cc2e8f4762a18361d67834f912289558ac.tar.gz firejail-b18120cc2e8f4762a18361d67834f912289558ac.tar.zst firejail-b18120cc2e8f4762a18361d67834f912289558ac.zip

diff --git a/etc/profile-a-l/gdu.profile b/etc/profile-a-l/gdu.profile new file mode 100644 index 000000000..783183bea --- /dev/null +++ b/etc/profile-a-l/gdu.profile
@@ -0,0 +1,46 @@
	1	# Firejail profile for gdu
	2	# Description: Fast disk usage analyzer with console interface
	3	# This file is overwritten after every install/update
	4	quiet
	5	# Persistent local customizations
	6	include gdu.local
	7	# Persistent global definitions
	8	include globals.local
	9
	10	blacklist ${RUNUSER}/wayland-*
	11
	12	include disable-exec.inc
	13
	14	apparmor
	15	caps.drop all
	16	ipc-namespace
	17	machine-id
	18	net none
	19	no3d
	20	nodvd
	21	nogroups
	22	noinput
	23	nonewprivs
	24	noroot
	25	nosound
	26	notv
	27	nou2f
	28	novideo
	29	# block the socket syscall to simulate an be empty protocol line, see #639
	30	seccomp socket
	31	seccomp.block-secondary
	32	x11 none
	33
	34	private-dev
	35
	36	dbus-user none
	37	dbus-system none
	38
	39	memory-deny-write-execute
	40
	41	# gdu has built-in delete (d), empty (e) dir/file support and shell spawning (b) features.
	42	# Depending on workflow and use case the sandbox can be hardened by adding the
	43	# lines below to your gdu.local if you don't need/want these functionalities.
	44	#include disable-shell.inc
	45	#private-bin gdu
	46	#read-only ${HOME}