Add profiles for build-systems (/package-managers)

Profiles: bunler, cargo (refactor), cmake (untested), make, meson, pip All redirect to build-systems-common.profile Other fixes: - blacklist ${HOME}/.bundle - blacklist ${HOME}/.cargo/* -> blacklist ${HOME}/.cargo - blacklist /usr/lib64/ruby
author: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2021-09-08 23:21:07 +0200
committer: rusty-snake <41237666+rusty-snake@users.noreply.github.com> 2021-09-08 23:21:07 +0200
commit: d452e45a9196aa2f4d34706fcfb7907707a19ff9 (patch)
tree: 1bc43ac88064e688a32e580a8e4512837f685733 /etc/profile-m-z
parent: Fix #4509 -- Nextcloud profile broken - needs 3D and system tray access (diff)
download: firejail-d452e45a9196aa2f4d34706fcfb7907707a19ff9.tar.gz
firejail-d452e45a9196aa2f4d34706fcfb7907707a19ff9.tar.zst
firejail-d452e45a9196aa2f4d34706fcfb7907707a19ff9.zip
3 files changed, 49 insertions, 0 deletions
diff --git a/etc/profile-m-z/make.profile b/etc/profile-m-z/make.profile
new file mode 100644
index 000000000..7e9638fe4
--- /dev/null
+++ b/etc/profile-m-z/make.profile
@@ -0,0 +1,13 @@
+# Firejail profile for make
+# Description: GNU make utility to maintain groups of programs
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include make.local
+# Persistent global definitions
+include globals.local
+memory-deny-write-execute
+# Redirect
+include build-systems-common.profile
diff --git a/etc/profile-m-z/meson.profile b/etc/profile-m-z/meson.profile
new file mode 100644
index 000000000..43109e771
--- /dev/null
+++ b/etc/profile-m-z/meson.profile
@@ -0,0 +1,16 @@
+# Firejail profile for meson
+# Description: A high productivity build system
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include meson.local
+# Persistent global definitions
+include globals.local
+# Allow python3 (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+private-bin meson,python3*
+# Redirect
+include build-systems-common.profile
diff --git a/etc/profile-m-z/pip.profile b/etc/profile-m-z/pip.profile
new file mode 100644
index 000000000..54d95e335
--- /dev/null
+++ b/etc/profile-m-z/pip.profile
@@ -0,0 +1,20 @@
+# Firejail profile for pip
+# Description: package manager for Python packages
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include meson.local
+# Persistent global definitions
+include globals.local
+ignore read-only ${HOME}/.local/lib
+# Allow python3 (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+whitelist ${HOME}/.local/lib/python*
+private-bin pip,pip[0-9].[0-9],pip[0-9].[0-9],python3*
+# Redirect
+include build-systems-common.profile
author	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2021-09-08 23:21:07 +0200
committer	rusty-snake <41237666+rusty-snake@users.noreply.github.com>	2021-09-08 23:21:07 +0200
commit	d452e45a9196aa2f4d34706fcfb7907707a19ff9 (patch)
tree	1bc43ac88064e688a32e580a8e4512837f685733 /etc/profile-m-z
parent	Fix #4509 -- Nextcloud profile broken - needs 3D and system tray access (diff)
download	firejail-d452e45a9196aa2f4d34706fcfb7907707a19ff9.tar.gz firejail-d452e45a9196aa2f4d34706fcfb7907707a19ff9.tar.zst firejail-d452e45a9196aa2f4d34706fcfb7907707a19ff9.zip

diff --git a/etc/profile-m-z/make.profile b/etc/profile-m-z/make.profile new file mode 100644 index 000000000..7e9638fe4 --- /dev/null +++ b/etc/profile-m-z/make.profile
@@ -0,0 +1,13 @@
	1	# Firejail profile for make
	2	# Description: GNU make utility to maintain groups of programs
	3	# This file is overwritten after every install/update
	4	quiet
	5	# Persistent local customizations
	6	include make.local
	7	# Persistent global definitions
	8	include globals.local
	9
	10	memory-deny-write-execute
	11
	12	# Redirect
	13	include build-systems-common.profile


diff --git a/etc/profile-m-z/meson.profile b/etc/profile-m-z/meson.profile new file mode 100644 index 000000000..43109e771 --- /dev/null +++ b/etc/profile-m-z/meson.profile
@@ -0,0 +1,16 @@
	1	# Firejail profile for meson
	2	# Description: A high productivity build system
	3	# This file is overwritten after every install/update
	4	quiet
	5	# Persistent local customizations
	6	include meson.local
	7	# Persistent global definitions
	8	include globals.local
	9
	10	# Allow python3 (blacklisted by disable-interpreters.inc)
	11	include allow-python3.inc
	12
	13	private-bin meson,python3*
	14
	15	# Redirect
	16	include build-systems-common.profile


diff --git a/etc/profile-m-z/pip.profile b/etc/profile-m-z/pip.profile new file mode 100644 index 000000000..54d95e335 --- /dev/null +++ b/etc/profile-m-z/pip.profile
@@ -0,0 +1,20 @@
	1	# Firejail profile for pip
	2	# Description: package manager for Python packages
	3	# This file is overwritten after every install/update
	4	quiet
	5	# Persistent local customizations
	6	include meson.local
	7	# Persistent global definitions
	8	include globals.local
	9
	10	ignore read-only ${HOME}/.local/lib
	11
	12	# Allow python3 (blacklisted by disable-interpreters.inc)
	13	include allow-python3.inc
	14
	15	whitelist ${HOME}/.local/lib/python*
	16
	17	private-bin pip,pip[0-9].[0-9],pip[0-9].[0-9],python3*
	18
	19	# Redirect
	20	include build-systems-common.profile