Refactor archivers (#3820)

* Create archiver-common.inc * add apparmor to archiver-common.inc * refactor 7z.profile * refactor ar.profile * refactor atool.profile * refactor bsdtar.profile * refactor cpio.profile * refactor gzip.profile * refactor tar.profile * refactor unrar.profile * refactor unzip.profile * refactor xzdec.profile * refactor zstd.profile * rewording * blacklist ${RUNUSER} in archiver-common.inc Thanks to @rusty-snake for suggesting this. * drop non-sensical ${RUNUSER}/wayland-* blacklisting in archiver-common.inc See discussion in https://github.com/netblue30/firejail/pull/3820#discussion_r543523343
author: glitsj16 <glitsj16@users.noreply.github.com> 2020-12-15 19:05:54 +0000
committer: GitHub <noreply@github.com> 2020-12-15 19:05:54 +0000
commit: 4a40e2a5f2009cf282dd783e73e1fb860ac758ba (patch)
tree: 98ab549570bd67a4987bb2b1ad019b372c205f54 /etc/profile-m-z/unzip.profile
parent: Runuser fixes (#3826) (diff)
download: firejail-4a40e2a5f2009cf282dd783e73e1fb860ac758ba.tar.gz
firejail-4a40e2a5f2009cf282dd783e73e1fb860ac758ba.tar.zst
firejail-4a40e2a5f2009cf282dd783e73e1fb860ac758ba.zip
1 files changed, 2 insertions, 32 deletions
diff --git a/etc/profile-m-z/unzip.profile b/etc/profile-m-z/unzip.profile
index e08511c12..30ee3ec12 100644
--- a/etc/profile-m-z/unzip.profile
+++ b/etc/profile-m-z/unzip.profile
@@ -7,42 +7,12 @@ include unzip.local
 # Persistent global definitions
 include globals.local
-blacklist ${RUNUSER}/wayland-*
 # GNOME Shell integration (chrome-gnome-shell)
 noblacklist ${HOME}/.local/share/gnome-shell
-include disable-common.inc
+ignore nogroups
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-include disable-shell.inc
-caps.drop all
-hostname unzip
-ipc-namespace
-machine-id
-net none
-no3d
-nodvd
-#nogroups
-nonewprivs
 noroot
-nosound
+include archiver-common.inc
-notv
-nou2f
-novideo
-protocol unix
-seccomp
-shell none
-tracelog
-x11 none
 private-bin unzip
-private-dev
 private-etc alternatives,group,localtime,passwd
-dbus-user none
-dbus-system none
author	glitsj16 <glitsj16@users.noreply.github.com>	2020-12-15 19:05:54 +0000
committer	GitHub <noreply@github.com>	2020-12-15 19:05:54 +0000
commit	4a40e2a5f2009cf282dd783e73e1fb860ac758ba (patch)
tree	98ab549570bd67a4987bb2b1ad019b372c205f54 /etc/profile-m-z/unzip.profile
parent	Runuser fixes (#3826) (diff)
download	firejail-4a40e2a5f2009cf282dd783e73e1fb860ac758ba.tar.gz firejail-4a40e2a5f2009cf282dd783e73e1fb860ac758ba.tar.zst firejail-4a40e2a5f2009cf282dd783e73e1fb860ac758ba.zip

diff --git a/etc/profile-m-z/unzip.profile b/etc/profile-m-z/unzip.profile index e08511c12..30ee3ec12 100644 --- a/etc/profile-m-z/unzip.profile +++ b/etc/profile-m-z/unzip.profile
@@ -7,42 +7,12 @@ include unzip.local
7	# Persistent global definitions	7	# Persistent global definitions
8	include globals.local	8	include globals.local
9		9
10	blacklist ${RUNUSER}/wayland-*
11
12	# GNOME Shell integration (chrome-gnome-shell)	10	# GNOME Shell integration (chrome-gnome-shell)
13	noblacklist ${HOME}/.local/share/gnome-shell	11	noblacklist ${HOME}/.local/share/gnome-shell
14		12
15	include disable-common.inc	13	ignore nogroups
16	include disable-devel.inc
17	include disable-exec.inc
18	include disable-interpreters.inc
19	include disable-passwdmgr.inc
20	include disable-programs.inc
21	include disable-shell.inc
22
23	caps.drop all
24	hostname unzip
25	ipc-namespace
26	machine-id
27	net none
28	no3d
29	nodvd
30	#nogroups
31	nonewprivs
32	noroot	14	noroot
33	nosound	15	include archiver-common.inc
34	notv
35	nou2f
36	novideo
37	protocol unix
38	seccomp
39	shell none
40	tracelog
41	x11 none
42		16
43	private-bin unzip	17	private-bin unzip
44	private-dev
45	private-etc alternatives,group,localtime,passwd	18	private-etc alternatives,group,localtime,passwd
46
47	dbus-user none
48	dbus-system none