Add profiles for tar (gtar), unzip and unrar

I've tested compression and uncompression of various tar formats and also straced unzip/unrar regarding their file access in /etc. -> should be fine. If you want to unpack files in /usr/bin, then use the --ignore=private-bin switch. Same for /etc: --ignore=private-etc
author: Thomas Jarosch <thomas.jarosch@intra2net.com> 2016-07-30 23:10:50 +0200
committer: Thomas Jarosch <thomas.jarosch@intra2net.com> 2016-07-30 23:55:16 +0200
commit: 2d60937932a44ed5dfe3afecdae846386275a25a (patch)
tree: 7c73bb02ca722174ef5387fdbb2988f6b193b5a2 /etc/unzip.profile
parent: fixes (diff)
download: firejail-2d60937932a44ed5dfe3afecdae846386275a25a.tar.gz
firejail-2d60937932a44ed5dfe3afecdae846386275a25a.tar.zst
firejail-2d60937932a44ed5dfe3afecdae846386275a25a.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/etc/unzip.profile b/etc/unzip.profile
new file mode 100644
index 000000000..d4862004c
--- /dev/null
+++ b/etc/unzip.profile
@@ -0,0 +1,11 @@
+# unzip profile
+include /etc/firejail/default.profile
+tracelog
+net none
+shell none
+private-bin unzip
+private-dev
+private-etc passwd,group,localtime
+hostname unzip
+nosound
author	Thomas Jarosch <thomas.jarosch@intra2net.com>	2016-07-30 23:10:50 +0200
committer	Thomas Jarosch <thomas.jarosch@intra2net.com>	2016-07-30 23:55:16 +0200
commit	2d60937932a44ed5dfe3afecdae846386275a25a (patch)
tree	7c73bb02ca722174ef5387fdbb2988f6b193b5a2 /etc/unzip.profile
parent	fixes (diff)
download	firejail-2d60937932a44ed5dfe3afecdae846386275a25a.tar.gz firejail-2d60937932a44ed5dfe3afecdae846386275a25a.tar.zst firejail-2d60937932a44ed5dfe3afecdae846386275a25a.zip

diff --git a/etc/unzip.profile b/etc/unzip.profile new file mode 100644 index 000000000..d4862004c --- /dev/null +++ b/etc/unzip.profile
@@ -0,0 +1,11 @@
	1	# unzip profile
	2	include /etc/firejail/default.profile
	3
	4	tracelog
	5	net none
	6	shell none
	7	private-bin unzip
	8	private-dev
	9	private-etc passwd,group,localtime
	10	hostname unzip
	11	nosound