New profile: sniffnet (#5920)

* disable-programs.inc: add sniffnet support * Create sniffnet.profile * firecfg.config: add sniffnet support
author: glitsj16 <glitsj16@users.noreply.github.com> 2023-07-25 19:39:21 +0000
committer: GitHub <noreply@github.com> 2023-07-25 19:39:21 +0000
commit: 142a2130f79250a464a9a2dcaf02cdec61fdb92b (patch)
tree: e65b85a7f89bb3a02a62ff094c9187b415ae2c48 /etc/profile-m-z
parent: profiles: fixes and cleanups for opening links with firefox (#5919) (diff)
download: firejail-142a2130f79250a464a9a2dcaf02cdec61fdb92b.tar.gz
firejail-142a2130f79250a464a9a2dcaf02cdec61fdb92b.tar.zst
firejail-142a2130f79250a464a9a2dcaf02cdec61fdb92b.zip
1 files changed, 49 insertions, 0 deletions
diff --git a/etc/profile-m-z/sniffnet.profile b/etc/profile-m-z/sniffnet.profile
new file mode 100644
index 000000000..eb18c1f01
--- /dev/null
+++ b/etc/profile-m-z/sniffnet.profile
@@ -0,0 +1,49 @@
+# Firejail profile for sniffnet
+# Description: Network traffic monitor
+# This file is overwritten after every install/update
+# Persistent local customizations
+include sniffnet.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/sniffnet
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+#caps.drop all
+caps.keep net_admin,net_raw
+netfilter
+nodvd
+nogroups
+noinput
+# nonewprivs - breaks network traffic capture for unprivileged users
+# noroot
+notv
+nou2f
+novideo
+#seccomp
+tracelog
+disable-mnt
+#private-bin sniffnet
+# private-dev prevents (some) interfaces from being shown.
+private-etc @network,@tls-ca
+private-tmp
+dbus-user none
+dbus-system none
+#restrict-namespaces
author	glitsj16 <glitsj16@users.noreply.github.com>	2023-07-25 19:39:21 +0000
committer	GitHub <noreply@github.com>	2023-07-25 19:39:21 +0000
commit	142a2130f79250a464a9a2dcaf02cdec61fdb92b (patch)
tree	e65b85a7f89bb3a02a62ff094c9187b415ae2c48 /etc/profile-m-z
parent	profiles: fixes and cleanups for opening links with firefox (#5919) (diff)
download	firejail-142a2130f79250a464a9a2dcaf02cdec61fdb92b.tar.gz firejail-142a2130f79250a464a9a2dcaf02cdec61fdb92b.tar.zst firejail-142a2130f79250a464a9a2dcaf02cdec61fdb92b.zip

diff --git a/etc/profile-m-z/sniffnet.profile b/etc/profile-m-z/sniffnet.profile new file mode 100644 index 000000000..eb18c1f01 --- /dev/null +++ b/etc/profile-m-z/sniffnet.profile
@@ -0,0 +1,49 @@
	1	# Firejail profile for sniffnet
	2	# Description: Network traffic monitor
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include sniffnet.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.config/sniffnet
	10
	11	include disable-common.inc
	12	include disable-devel.inc
	13	include disable-exec.inc
	14	include disable-interpreters.inc
	15	include disable-proc.inc
	16	include disable-programs.inc
	17	include disable-xdg.inc
	18
	19	include whitelist-common.inc
	20	include whitelist-run-common.inc
	21	include whitelist-runuser-common.inc
	22	include whitelist-usr-share-common.inc
	23	include whitelist-var-common.inc
	24
	25	apparmor
	26	#caps.drop all
	27	caps.keep net_admin,net_raw
	28	netfilter
	29	nodvd
	30	nogroups
	31	noinput
	32	# nonewprivs - breaks network traffic capture for unprivileged users
	33	# noroot
	34	notv
	35	nou2f
	36	novideo
	37	#seccomp
	38	tracelog
	39
	40	disable-mnt
	41	#private-bin sniffnet
	42	# private-dev prevents (some) interfaces from being shown.
	43	private-etc @network,@tls-ca
	44	private-tmp
	45
	46	dbus-user none
	47	dbus-system none
	48
	49	#restrict-namespaces