diff options
| author |  Thomas Jarosch <thomas.jarosch@intra2net.com> | 2016-07-30 23:10:50 +0200 |
|---|---|---|
| committer | Thomas Jarosch <thomas.jarosch@intra2net.com> | 2016-07-30 23:55:16 +0200 |
| commit | 2d60937932a44ed5dfe3afecdae846386275a25a (patch) | |
| tree | 7c73bb02ca722174ef5387fdbb2988f6b193b5a2 /etc/tar.profile | |
| parent | fixes (diff) | |
| download | firejail-2d60937932a44ed5dfe3afecdae846386275a25a.tar.gz firejail-2d60937932a44ed5dfe3afecdae846386275a25a.tar.zst firejail-2d60937932a44ed5dfe3afecdae846386275a25a.zip | |
Add profiles for tar (gtar), unzip and unrar
I've tested compression and uncompression of
various tar formats and also straced unzip/unrar
regarding their file access in /etc.
-> should be fine.
If you want to unpack files in /usr/bin,
then use the --ignore=private-bin switch.
Same for /etc: --ignore=private-etc
Diffstat (limited to 'etc/tar.profile')
| -rw-r--r-- | etc/tar.profile | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/etc/tar.profile b/etc/tar.profile new file mode 100644 index 000000000..4ce3e59f0 --- /dev/null +++ b/etc/tar.profile | |||
| @@ -0,0 +1,13 @@ | |||
| 1 | # tar profile | ||
| 2 | include /etc/firejail/default.profile | ||
| 3 | |||
| 4 | tracelog | ||
| 5 | net none | ||
| 6 | shell none | ||
| 7 | |||
| 8 | # support compressed archives | ||
| 9 | private-bin tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop | ||
| 10 | private-dev | ||
| 11 | private-etc passwd,group,localtime | ||
| 12 | hostname tar | ||
| 13 | nosound | ||