Merge pull request #2164 from glitsj16/aria2c

New profile aria2c
author: netblue30 <netblue30@yahoo.com> 2018-10-11 08:28:31 -0500
committer: GitHub <noreply@github.com> 2018-10-11 08:28:31 -0500
commit: e6f55d24450fac904867ef137fb6001f98646434 (patch)
tree: 99846ca1b844a9f8650f04526fa1d66d7513a89a /etc
parent: Merge pull request #2163 from glitsj16/strings (diff)
parent: Add aria2c config (diff)
download: firejail-e6f55d24450fac904867ef137fb6001f98646434.tar.gz
firejail-e6f55d24450fac904867ef137fb6001f98646434.tar.zst
firejail-e6f55d24450fac904867ef137fb6001f98646434.zip
2 files changed, 46 insertions, 0 deletions
diff --git a/etc/aria2c.profile b/etc/aria2c.profile
new file mode 100644
index 000000000..4231c58ff
--- /dev/null
+++ b/etc/aria2c.profile
@@ -0,0 +1,45 @@
+# Firejail profile for aria2c
+# Description: Download utility that supports HTTP(S), FTP, BitTorrent and Metalink
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/aria2c.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.aria2
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-xdg.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+# private
+private-bin aria2c,gzip
+private-cache
+private-dev
+private-etc ca-certificates,ssl
+private-lib libreadline.so.*
+private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 15499930d..9b5fe057a 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -32,6 +32,7 @@ blacklist ${HOME}/.aMule
 blacklist ${HOME}/.android
 blacklist ${HOME}/.anydesk
 blacklist ${HOME}/.arduino15
+blacklist ${HOME}/.aria2
 blacklist ${HOME}/.arm
 blacklist ${HOME}/.asunder_album_genre
 blacklist ${HOME}/.asunder_album_title
author	netblue30 <netblue30@yahoo.com>	2018-10-11 08:28:31 -0500
committer	GitHub <noreply@github.com>	2018-10-11 08:28:31 -0500
commit	e6f55d24450fac904867ef137fb6001f98646434 (patch)
tree	99846ca1b844a9f8650f04526fa1d66d7513a89a /etc
parent	Merge pull request #2163 from glitsj16/strings (diff)
parent	Add aria2c config (diff)
download	firejail-e6f55d24450fac904867ef137fb6001f98646434.tar.gz firejail-e6f55d24450fac904867ef137fb6001f98646434.tar.zst firejail-e6f55d24450fac904867ef137fb6001f98646434.zip

diff --git a/etc/aria2c.profile b/etc/aria2c.profile new file mode 100644 index 000000000..4231c58ff --- /dev/null +++ b/etc/aria2c.profile
@@ -0,0 +1,45 @@
		1	# Firejail profile for aria2c
		2	# Description: Download utility that supports HTTP(S), FTP, BitTorrent and Metalink
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include /etc/firejail/aria2c.local
		6	# Persistent global definitions
		7	include /etc/firejail/globals.local
		8
		9	noblacklist ${HOME}/.aria2
		10
		11	include /etc/firejail/disable-common.inc
		12	include /etc/firejail/disable-devel.inc
		13	include /etc/firejail/disable-interpreters.inc
		14	include /etc/firejail/disable-passwdmgr.inc
		15	include /etc/firejail/disable-programs.inc
		16	include /etc/firejail/disable-xdg.inc
		17
		18	caps.drop all
		19	ipc-namespace
		20	netfilter
		21	no3d
		22	nodbus
		23	nodvd
		24	nogroups
		25	nonewprivs
		26	noroot
		27	nosound
		28	notv
		29	novideo
		30	protocol unix,inet,inet6
		31	seccomp
		32	shell none
		33
		34	disable-mnt
		35	# private
		36	private-bin aria2c,gzip
		37	private-cache
		38	private-dev
		39	private-etc ca-certificates,ssl
		40	private-lib libreadline.so.*
		41	private-tmp
		42
		43	memory-deny-write-execute
		44	noexec ${HOME}
		45	noexec /tmp


diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 15499930d..9b5fe057a 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -32,6 +32,7 @@ blacklist ${HOME}/.aMule
32	blacklist ${HOME}/.android	32	blacklist ${HOME}/.android
33	blacklist ${HOME}/.anydesk	33	blacklist ${HOME}/.anydesk
34	blacklist ${HOME}/.arduino15	34	blacklist ${HOME}/.arduino15
		35	blacklist ${HOME}/.aria2
35	blacklist ${HOME}/.arm	36	blacklist ${HOME}/.arm
36	blacklist ${HOME}/.asunder_album_genre	37	blacklist ${HOME}/.asunder_album_genre
37	blacklist ${HOME}/.asunder_album_title	38	blacklist ${HOME}/.asunder_album_title