Add profiles for tar (gtar), unzip and unrar

I've tested compression and uncompression of various tar formats and also straced unzip/unrar regarding their file access in /etc. -> should be fine. If you want to unpack files in /usr/bin, then use the --ignore=private-bin switch. Same for /etc: --ignore=private-etc
author: Thomas Jarosch <thomas.jarosch@intra2net.com> 2016-07-30 23:10:50 +0200
committer: Thomas Jarosch <thomas.jarosch@intra2net.com> 2016-07-30 23:55:16 +0200
commit: 2d60937932a44ed5dfe3afecdae846386275a25a (patch)
tree: 7c73bb02ca722174ef5387fdbb2988f6b193b5a2 /etc
parent: fixes (diff)
download: firejail-2d60937932a44ed5dfe3afecdae846386275a25a.tar.gz
firejail-2d60937932a44ed5dfe3afecdae846386275a25a.tar.zst
firejail-2d60937932a44ed5dfe3afecdae846386275a25a.zip
4 files changed, 36 insertions, 0 deletions
diff --git a/etc/gtar.profile b/etc/gtar.profile
new file mode 100644
index 000000000..5dbc550f6
--- /dev/null
+++ b/etc/gtar.profile
@@ -0,0 +1 @@
+include /etc/firejail/tar.profile
diff --git a/etc/tar.profile b/etc/tar.profile
new file mode 100644
index 000000000..4ce3e59f0
--- /dev/null
+++ b/etc/tar.profile
@@ -0,0 +1,13 @@
+# tar profile
+include /etc/firejail/default.profile
+tracelog
+net none
+shell none
+# support compressed archives
+private-bin tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop
+private-dev
+private-etc passwd,group,localtime
+hostname tar
+nosound
diff --git a/etc/unrar.profile b/etc/unrar.profile
new file mode 100644
index 000000000..ccd144699
--- /dev/null
+++ b/etc/unrar.profile
@@ -0,0 +1,11 @@
+# unrar profile
+include /etc/firejail/default.profile
+tracelog
+net none
+shell none
+private-bin unrar
+private-dev
+private-etc passwd,group,localtime
+hostname unrar
+nosound
diff --git a/etc/unzip.profile b/etc/unzip.profile
new file mode 100644
index 000000000..d4862004c
--- /dev/null
+++ b/etc/unzip.profile
@@ -0,0 +1,11 @@
+# unzip profile
+include /etc/firejail/default.profile
+tracelog
+net none
+shell none
+private-bin unzip
+private-dev
+private-etc passwd,group,localtime
+hostname unzip
+nosound
author	Thomas Jarosch <thomas.jarosch@intra2net.com>	2016-07-30 23:10:50 +0200
committer	Thomas Jarosch <thomas.jarosch@intra2net.com>	2016-07-30 23:55:16 +0200
commit	2d60937932a44ed5dfe3afecdae846386275a25a (patch)
tree	7c73bb02ca722174ef5387fdbb2988f6b193b5a2 /etc
parent	fixes (diff)
download	firejail-2d60937932a44ed5dfe3afecdae846386275a25a.tar.gz firejail-2d60937932a44ed5dfe3afecdae846386275a25a.tar.zst firejail-2d60937932a44ed5dfe3afecdae846386275a25a.zip

diff --git a/etc/gtar.profile b/etc/gtar.profile new file mode 100644 index 000000000..5dbc550f6 --- /dev/null +++ b/etc/gtar.profile
@@ -0,0 +1 @@
		include /etc/firejail/tar.profile


diff --git a/etc/tar.profile b/etc/tar.profile new file mode 100644 index 000000000..4ce3e59f0 --- /dev/null +++ b/etc/tar.profile
@@ -0,0 +1,13 @@
	1	# tar profile
	2	include /etc/firejail/default.profile
	3
	4	tracelog
	5	net none
	6	shell none
	7
	8	# support compressed archives
	9	private-bin tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop
	10	private-dev
	11	private-etc passwd,group,localtime
	12	hostname tar
	13	nosound


diff --git a/etc/unrar.profile b/etc/unrar.profile new file mode 100644 index 000000000..ccd144699 --- /dev/null +++ b/etc/unrar.profile
@@ -0,0 +1,11 @@
	1	# unrar profile
	2	include /etc/firejail/default.profile
	3
	4	tracelog
	5	net none
	6	shell none
	7	private-bin unrar
	8	private-dev
	9	private-etc passwd,group,localtime
	10	hostname unrar
	11	nosound


diff --git a/etc/unzip.profile b/etc/unzip.profile new file mode 100644 index 000000000..d4862004c --- /dev/null +++ b/etc/unzip.profile
@@ -0,0 +1,11 @@
	1	# unzip profile
	2	include /etc/firejail/default.profile
	3
	4	tracelog
	5	net none
	6	shell none
	7	private-bin unzip
	8	private-dev
	9	private-etc passwd,group,localtime
	10	hostname unzip
	11	nosound