author | glitsj16 <glitsj16@users.noreply.github.com> | 2019-08-21 21:50:32 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-08-21 21:50:32 +0000 |
commit | a9b9cbfd98a6539fba30078374800791ed39b301 (patch) | |
tree | 98ba0d1cb2ea9373d23e3770dd251e9998851463 /etc | |
parent | Fix revert of previous trace fix. The issue was that programs were crashing b... (diff) | |
Refactor transmission profiles (#2920)
* Refactor transmission-cli
* Create transmission-common.profile
* Refactor transmission-create
* Refactor transmission-daemon
* Refactor transmission-edit
* Refactor transmission-gtk
* Refactor transmission-qt
* Refactor transmission-remote-cli
* Refactor transmission-remote-gtk
* Refactor transmission-remote
* Refactor transmission-show
Diffstat (limited to 'etc')
-rw-r--r-- | etc/transmission-cli.profile | 38 | ||||
-rw-r--r-- | etc/transmission-common.profile | 49 | ||||
-rw-r--r-- | etc/transmission-create.profile | 4 | ||||
-rw-r--r-- | etc/transmission-daemon.profile | 43 | ||||
-rw-r--r-- | etc/transmission-edit.profile | 4 | ||||
-rw-r--r-- | etc/transmission-gtk.profile | 48 | ||||
-rw-r--r-- | etc/transmission-qt.profile | 48 | ||||
-rw-r--r-- | etc/transmission-remote-cli.profile | 11 | ||||
-rw-r--r-- | etc/transmission-remote-gtk.profile | 18 | ||||
-rw-r--r-- | etc/transmission-remote.profile | 38 | ||||
-rw-r--r-- | etc/transmission-show.profile | 38 |
11 files changed, 110 insertions, 229 deletions
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile index 60732bcf2..d41b994a3 100644 --- a/etc/transmission-cli.profile +++ b/etc/transmission-cli.profile | |||
@@ -5,39 +5,11 @@ quiet | |||
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include transmission-cli.local | 6 | include transmission-cli.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | # added by included profile |
9 | #include globals.local | ||
9 | 10 | ||
10 | noblacklist ${HOME}/.cache/transmission | 11 | #private-bin transmission-cli |
11 | noblacklist ${HOME}/.config/transmission | ||
12 | |||
13 | include disable-common.inc | ||
14 | include disable-devel.inc | ||
15 | include disable-exec.inc | ||
16 | include disable-interpreters.inc | ||
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | ||
19 | |||
20 | apparmor | ||
21 | caps.drop all | ||
22 | machine-id | ||
23 | netfilter | ||
24 | nodbus | ||
25 | nodvd | ||
26 | nonewprivs | ||
27 | noroot | ||
28 | nosound | ||
29 | notv | ||
30 | nou2f | ||
31 | novideo | ||
32 | protocol inet,inet6 | ||
33 | seccomp | ||
34 | shell none | ||
35 | tracelog | ||
36 | |||
37 | # private-bin transmission-cli | ||
38 | private-dev | ||
39 | private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl | 12 | private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl |
40 | private-lib | ||
41 | private-tmp | ||
42 | 13 | ||
43 | memory-deny-write-execute | 14 | # Redirect |
15 | include transmission-common.profile | ||
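Review bot: Redirecting to transmission-common.profile widens the socket filter for this CLI tool: the removed body had `protocol inet,inet6`, while the shared profile sets `protocol unix,inet,inet6`. The same widening happens in transmission-remote.profile, transmission-show.profile and transmission-daemon.profile. If the command-line tools do not need AF_UNIX, keep `protocol inet,inet6` in each of these files above the `# Redirect` include; firejail appears to keep the first protocol list it reads, but confirm that before relying on it. The commit message describes a refactor only, so any intended change in restriction should be stated there.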
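diff --git a/etc/transmission-common.profile b/etc/transmission-common.profile
new file mode 100644
index 000000000..e786fa8a3
--- /dev/null
+++ b/etc/transmission-common.profile
@@ -0,0 +1,49 @@
+# Firejail profile for transmission-common
+# Description: Fast, easy and free BitTorrent client
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include transmission-gtk.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/transmission
+noblacklist ${HOME}/.config/transmission
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+mkdir ${HOME}/.cache/transmission
+mkdir ${HOME}/.config/transmission
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/transmission
+whitelist ${HOME}/.config/transmission
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+netfilter
+nodbus
+nodvd
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-dev
+private-lib
+private-tmp
+
+memory-deny-write-execute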
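Review bot: Line 6 of the new shared profile reads `include transmission-gtk.local`, which looks like a leftover from the profile it was copied from. Every profile that redirects here (daemon, cli, remote, show and the others) would then also load a user's GTK-specific overrides, and the shared part has no override file of its own. I would change the line to `include transmission-common.local`.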
diff --git a/etc/transmission-create.profile b/etc/transmission-create.profile index 92a4770e2..7c09878bc 100644 --- a/etc/transmission-create.profile +++ b/etc/transmission-create.profile | |||
@@ -8,5 +8,7 @@ include transmission-create.local | |||
8 | # added by included profile | 8 | # added by included profile |
9 | #include globals.local | 9 | #include globals.local |
10 | 10 | ||
11 | private-bin transmission-create | ||
12 | |||
11 | # Redirect | 13 | # Redirect |
12 | include transmission-cli.profile | 14 | include transmission-common.profile |
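Review bot: transmission-create loses its `private-etc` restriction with this redirect, and transmission-edit.profile loses it the same way. Both used to include transmission-cli.profile, whose body carries a `private-etc` list, while transmission-common.profile sets none. Add an explicit list next to the new `private-bin` line in both files, for example the one transmission-show keeps, `private-etc alternatives,hosts,nsswitch.conf`, after checking that the tools still run with it.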
diff --git a/etc/transmission-daemon.profile b/etc/transmission-daemon.profile index 9a6052ada..1c092ad17 100644 --- a/etc/transmission-daemon.profile +++ b/etc/transmission-daemon.profile | |||
@@ -5,40 +5,19 @@ quiet | |||
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include transmission-daemon.local | 6 | include transmission-daemon.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | # added by included profile |
9 | #include globals.local | ||
9 | 10 | ||
10 | noblacklist ${HOME}/.cache/transmission | 11 | whitelist /var/lib/transmission |
11 | noblacklist ${HOME}/.config/transmission | ||
12 | 12 | ||
13 | include disable-common.inc | 13 | caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot |
14 | include disable-devel.inc | ||
15 | include disable-exec.inc | ||
16 | include disable-interpreters.inc | ||
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | ||
19 | 14 | ||
20 | apparmor | 15 | #private-bin transmission-daemon |
21 | caps.drop all | ||
22 | machine-id | ||
23 | netfilter | ||
24 | nodbus | ||
25 | nodvd | ||
26 | nogroups | ||
27 | nonewprivs | ||
28 | noroot | ||
29 | nosound | ||
30 | notv | ||
31 | nou2f | ||
32 | novideo | ||
33 | protocol inet,inet6 | ||
34 | seccomp | ||
35 | shell none | ||
36 | tracelog | ||
37 | |||
38 | # private-bin transmission-daemon | ||
39 | private-dev | ||
40 | private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl | 16 | private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl |
41 | private-lib | ||
42 | private-tmp | ||
43 | 17 | ||
44 | memory-deny-write-execute | 18 | read-write /var/lib/transmission |
19 | writable-var-log | ||
20 | writable-run-user | ||
21 | |||
22 | # Redirect | ||
23 | include transmission-common.profile | ||
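Review bot: The new `caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot` line is followed by an include of transmission-common.profile, which sets `caps.drop all`, `noroot` and `nonewprivs`, so the profile asks for two contradictory capability policies. Which one firejail applies is not visible from this diff. If the daemon really needs these capabilities, add `ignore caps.drop all` (and, if required, `ignore noroot`) above the include with a comment saying why; otherwise drop the `caps.keep` line. The removed body also had `nogroups`, which the shared profile does not set, so the daemon now keeps its supplementary groups; re-add `nogroups` here unless that is intended.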
diff --git a/etc/transmission-edit.profile b/etc/transmission-edit.profile index 6d8a98911..487ea8e51 100644 --- a/etc/transmission-edit.profile +++ b/etc/transmission-edit.profile | |||
@@ -8,5 +8,7 @@ include transmission-edit.local | |||
8 | # added by included profile | 8 | # added by included profile |
9 | #include globals.local | 9 | #include globals.local |
10 | 10 | ||
11 | private-bin transmission-edit | ||
12 | |||
11 | # Redirect | 13 | # Redirect |
12 | include transmission-cli.profile | 14 | include transmission-common.profile |
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile index 29df63573..a45d672ac 100644 --- a/etc/transmission-gtk.profile +++ b/etc/transmission-gtk.profile | |||
@@ -1,50 +1,16 @@ | |||
1 | # Firejail profile for transmission-gtk | 1 | # Firejail profile for transmission-gtk |
2 | # Description: Fast, easy and free BitTorrent client (GTK GUI) | 2 | # Description: Fast, easy and free BitTorrent client (GTK GUI) |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | ||
4 | # Persistent local customizations | 5 | # Persistent local customizations |
5 | include transmission-gtk.local | 6 | include transmission-gtk.local |
6 | # Persistent global definitions | 7 | # Persistent global definitions |
7 | include globals.local | 8 | # added by included profile |
8 | 9 | #include globals.local | |
9 | noblacklist ${HOME}/.cache/transmission | ||
10 | noblacklist ${HOME}/.config/transmission | ||
11 | |||
12 | include disable-common.inc | ||
13 | include disable-devel.inc | ||
14 | include disable-exec.inc | ||
15 | include disable-interpreters.inc | ||
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | ||
18 | |||
19 | mkdir ${HOME}/.cache/transmission | ||
20 | mkdir ${HOME}/.config/transmission | ||
21 | whitelist ${DOWNLOADS} | ||
22 | whitelist ${HOME}/.cache/transmission | ||
23 | whitelist ${HOME}/.config/transmission | ||
24 | include whitelist-common.inc | ||
25 | include whitelist-var-common.inc | ||
26 | |||
27 | apparmor | ||
28 | caps.drop all | ||
29 | machine-id | ||
30 | netfilter | ||
31 | nodbus | ||
32 | nodvd | ||
33 | nonewprivs | ||
34 | noroot | ||
35 | nosound | ||
36 | notv | ||
37 | nou2f | ||
38 | novideo | ||
39 | protocol unix,inet,inet6 | ||
40 | seccomp | ||
41 | shell none | ||
42 | tracelog | ||
43 | 10 | ||
44 | private-bin transmission-gtk | 11 | private-bin transmission-gtk |
45 | private-dev | ||
46 | private-lib | ||
47 | private-tmp | ||
48 | 12 | ||
49 | # Causes freeze during opening file dialog in Archlinux, see issue #1855 | 13 | ignore memory-deny-write-execute |
50 | # memory-deny-write-execute | 14 | |
15 | # Redirect | ||
16 | include transmission-common.profile | ||
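Review bot: The new `ignore memory-deny-write-execute` line has no explanation, whereas the removed lines said why the option was off: `# Causes freeze during opening file dialog in Archlinux, see issue #1855`. Keep that comment directly above the `ignore` line so the next maintainer knows when the exemption can be lifted. transmission-qt.profile drops its reason for the same exemption (`problems on Qt 5.10.0, KDE Frameworks 5.41.0`), and transmission-remote-gtk.profile adds the `ignore` without giving one.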
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile index 9fda5245f..f207a7e90 100644 --- a/etc/transmission-qt.profile +++ b/etc/transmission-qt.profile | |||
@@ -1,49 +1,19 @@ | |||
1 | # Firejail profile for transmission-qt | 1 | # Firejail profile for transmission-qt |
2 | # Description: Fast, easy and free BitTorrent client (Qt GUI) | 2 | # Description: Fast, easy and free BitTorrent client (Qt GUI) |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | ||
4 | # Persistent local customizations | 5 | # Persistent local customizations |
5 | include transmission-qt.local | 6 | include transmission-qt.local |
6 | # Persistent global definitions | 7 | # Persistent global definitions |
7 | include globals.local | 8 | # added by included profile |
9 | #include globals.local | ||
8 | 10 | ||
9 | noblacklist ${HOME}/.cache/transmission | 11 | private-bin transmission-qt |
10 | noblacklist ${HOME}/.config/transmission | ||
11 | |||
12 | include disable-common.inc | ||
13 | include disable-devel.inc | ||
14 | include disable-exec.inc | ||
15 | include disable-interpreters.inc | ||
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | ||
18 | |||
19 | mkdir ${HOME}/.cache/transmission | ||
20 | mkdir ${HOME}/.config/transmission | ||
21 | whitelist ${DOWNLOADS} | ||
22 | whitelist ${HOME}/.cache/transmission | ||
23 | whitelist ${HOME}/.config/transmission | ||
24 | include whitelist-common.inc | ||
25 | include whitelist-var-common.inc | ||
26 | 12 | ||
27 | apparmor | 13 | # private-lib - breaks on Arch |
28 | caps.drop all | 14 | ignore private-lib |
29 | machine-id | ||
30 | netfilter | ||
31 | nodbus | ||
32 | nodvd | ||
33 | nonewprivs | ||
34 | noroot | ||
35 | nosound | ||
36 | notv | ||
37 | nou2f | ||
38 | novideo | ||
39 | protocol unix,inet,inet6 | ||
40 | seccomp | ||
41 | shell none | ||
42 | tracelog | ||
43 | 15 | ||
44 | private-bin transmission-qt | 16 | ignore memory-deny-write-execute |
45 | private-dev | ||
46 | # private-lib - problems on Arch | ||
47 | private-tmp | ||
48 | 17 | ||
49 | # memory-deny-write-execute - problems on Qt 5.10.0, KDE Frameworks 5.41.0 | 18 | # Redirect |
19 | include transmission-common.profile | ||
diff --git a/etc/transmission-remote-cli.profile b/etc/transmission-remote-cli.profile index 2e7a31545..6ae6a957c 100644 --- a/etc/transmission-remote-cli.profile +++ b/etc/transmission-remote-cli.profile | |||
@@ -12,15 +12,8 @@ include transmission-remote-cli.local | |||
12 | include allow-python2.inc | 12 | include allow-python2.inc |
13 | include allow-python3.inc | 13 | include allow-python3.inc |
14 | 14 | ||
15 | mkdir ${HOME}/.cache/transmission | 15 | private-bin python*,transmission-remote-cli |
16 | mkdir ${HOME}/.config/transmission | ||
17 | whitelist ${HOME}/.cache/transmission | ||
18 | whitelist ${HOME}/.config/transmission | ||
19 | include whitelist-common.inc | ||
20 | include whitelist-var-common.inc | ||
21 | |||
22 | # private-bin python* | ||
23 | private-etc fonts | 16 | private-etc fonts |
24 | 17 | ||
25 | # Redirect | 18 | # Redirect |
26 | include transmission-remote.profile | 19 | include transmission-common.profile |
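Review bot: With the redirect switched to transmission-common.profile, this remote-control client gains `whitelist ${DOWNLOADS}`, where the removed lines whitelisted only `${HOME}/.cache/transmission` and `${HOME}/.config/transmission`. transmission-remote-gtk.profile changes in the same way. If access to the download directory is not needed to talk to a remote daemon, add `nowhitelist ${DOWNLOADS}` above the include, or state in the commit message that the wider access is intended.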
diff --git a/etc/transmission-remote-gtk.profile b/etc/transmission-remote-gtk.profile index 5a57e4887..f0b313aed 100644 --- a/etc/transmission-remote-gtk.profile +++ b/etc/transmission-remote-gtk.profile | |||
@@ -8,14 +8,16 @@ include transmission-remote-gtk.local | |||
8 | # added by included profile | 8 | # added by included profile |
9 | #include globals.local | 9 | #include globals.local |
10 | 10 | ||
11 | mkdir ${HOME}/.cache/transmission | 11 | noblacklist ${HOME}/.config/transmission-remote-gtk |
12 | mkdir ${HOME}/.config/transmission | ||
13 | whitelist ${HOME}/.cache/transmission | ||
14 | whitelist ${HOME}/.config/transmission | ||
15 | include whitelist-common.inc | ||
16 | include whitelist-var-common.inc | ||
17 | 12 | ||
18 | private-etc fonts | 13 | mkdir ${HOME}/.config/transmission-remote-gtk |
14 | whitelist ${HOME}/.config/transmission-remote-gtk | ||
15 | |||
16 | private-etc fonts,hostname,hosts,resolv.conf | ||
17 | # Problems with private-lib (see issue #2889) | ||
18 | ignore private-lib | ||
19 | |||
20 | ignore memory-deny-write-execute | ||
19 | 21 | ||
20 | # Redirect | 22 | # Redirect |
21 | include transmission-remote.profile | 23 | include transmission-common.profile |
diff --git a/etc/transmission-remote.profile b/etc/transmission-remote.profile index ddeb9adf9..9ef7119d9 100644 --- a/etc/transmission-remote.profile +++ b/etc/transmission-remote.profile | |||
@@ -5,39 +5,11 @@ quiet | |||
5 | # Persistent local customizations | 5 | # Persistent local customizations |
6 | include transmission-remote.local | 6 | include transmission-remote.local |
7 | # Persistent global definitions | 7 | # Persistent global definitions |
8 | include globals.local | 8 | # added by included profile |
9 | #include globals.local | ||
9 | 10 | ||
10 | noblacklist ${HOME}/.cache/transmission | 11 | private-bin transmission-remote |
11 | noblacklist ${HOME}/.config/transmission | ||
12 | |||
13 | include disable-common.inc | ||
14 | include disable-devel.inc | ||
15 | include disable-exec.inc | ||
16 | include disable-interpreters.inc | ||
17 | include disable-passwdmgr.inc | ||
18 | include disable-programs.inc | ||
19 | |||
20 | apparmor | ||
21 | caps.drop all | ||
22 | machine-id | ||
23 | netfilter | ||
24 | nodbus | ||
25 | nodvd | ||
26 | nonewprivs | ||
27 | noroot | ||
28 | nosound | ||
29 | notv | ||
30 | nou2f | ||
31 | novideo | ||
32 | protocol inet,inet6 | ||
33 | seccomp | ||
34 | shell none | ||
35 | tracelog | ||
36 | |||
37 | # private-bin transmission-remote | ||
38 | private-dev | ||
39 | private-etc alternatives,hosts,nsswitch.conf | 12 | private-etc alternatives,hosts,nsswitch.conf |
40 | private-lib | ||
41 | private-tmp | ||
42 | 13 | ||
43 | memory-deny-write-execute | 14 | # Redirect |
15 | include transmission-common.profile | ||
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile index 779606f04..89051f956 100644 --- a/etc/transmission-show.profile +++ b/etc/transmission-show.profile | |||
@@ -1,41 +1,15 @@ | |||
1 | # Firejail profile for transmission-show | 1 | # Firejail profile for transmission-show |
2 | # Description: CLI utility to show BitTorrent .torrent file metadata | 2 | # Description: CLI utility to show BitTorrent .torrent file metadata |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | ||
4 | # Persistent local customizations | 5 | # Persistent local customizations |
5 | include transmission-show.local | 6 | include transmission-show.local |
6 | # Persistent global definitions | 7 | # Persistent global definitions |
7 | include globals.local | 8 | # added by included profile |
9 | #include globals.local | ||
8 | 10 | ||
9 | noblacklist ${HOME}/.cache/transmission | 11 | private-bin transmission-show |
10 | noblacklist ${HOME}/.config/transmission | ||
11 | |||
12 | include disable-common.inc | ||
13 | include disable-devel.inc | ||
14 | include disable-exec.inc | ||
15 | include disable-interpreters.inc | ||
16 | include disable-passwdmgr.inc | ||
17 | include disable-programs.inc | ||
18 | |||
19 | apparmor | ||
20 | caps.drop all | ||
21 | machine-id | ||
22 | netfilter | ||
23 | nodbus | ||
24 | nodvd | ||
25 | nonewprivs | ||
26 | noroot | ||
27 | nosound | ||
28 | notv | ||
29 | nou2f | ||
30 | novideo | ||
31 | protocol inet,inet6 | ||
32 | seccomp | ||
33 | shell none | ||
34 | tracelog | ||
35 | |||
36 | private-dev | ||
37 | private-etc alternatives,hosts,nsswitch.conf | 12 | private-etc alternatives,hosts,nsswitch.conf |
38 | private-lib | ||
39 | private-tmp | ||
40 | 13 | ||
41 | memory-deny-write-execute | 14 | # Redirect |
15 | include transmission-common.profile | ||