Add a profile for ZAProxy

author: Tad <tad@spotco.us> 2017-10-10 12:39:26 -0400
committer: Tad <tad@spotco.us> 2017-10-10 12:39:26 -0400
commit: 9627229b6ffe1566ffd26f9d3a8be2938784cc21 (patch)
tree: a08f0866e11f07fe239982957d5e03250a2b57e6 /etc
parent: private-lib (diff)
download: firejail-9627229b6ffe1566ffd26f9d3a8be2938784cc21.tar.gz
firejail-9627229b6ffe1566ffd26f9d3a8be2938784cc21.tar.zst
firejail-9627229b6ffe1566ffd26f9d3a8be2938784cc21.zip
2 files changed, 43 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 064e60294..0e5400dd6 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -20,6 +20,7 @@ blacklist ${HOME}/.TelegramDesktop
 blacklist ${HOME}/.ViberPC
 blacklist ${HOME}/.VirtualBox
 blacklist ${HOME}/.Wolfram Research
+blacklist ${HOME}/.ZAP
 blacklist ${HOME}/.aMule
 blacklist ${HOME}/.android
 blacklist ${HOME}/.arduino15
diff --git a/etc/zaproxy.profile b/etc/zaproxy.profile
new file mode 100644
index 000000000..3cce79a2e
--- /dev/null
+++ b/etc/zaproxy.profile
@@ -0,0 +1,42 @@
+# Firejail profile for zaproxy
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/zaproxy.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.java
+noblacklist ${HOME}/.ZAP
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+mkdir ${HOME}/.ZAP
+whitelist ${HOME}/.java
+whitelist ${HOME}/.ZAP
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
author	Tad <tad@spotco.us>	2017-10-10 12:39:26 -0400
committer	Tad <tad@spotco.us>	2017-10-10 12:39:26 -0400
commit	9627229b6ffe1566ffd26f9d3a8be2938784cc21 (patch)
tree	a08f0866e11f07fe239982957d5e03250a2b57e6 /etc
parent	private-lib (diff)
download	firejail-9627229b6ffe1566ffd26f9d3a8be2938784cc21.tar.gz firejail-9627229b6ffe1566ffd26f9d3a8be2938784cc21.tar.zst firejail-9627229b6ffe1566ffd26f9d3a8be2938784cc21.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 064e60294..0e5400dd6 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -20,6 +20,7 @@ blacklist ${HOME}/.TelegramDesktop
20	blacklist ${HOME}/.ViberPC	20	blacklist ${HOME}/.ViberPC
21	blacklist ${HOME}/.VirtualBox	21	blacklist ${HOME}/.VirtualBox
22	blacklist ${HOME}/.Wolfram Research	22	blacklist ${HOME}/.Wolfram Research
		23	blacklist ${HOME}/.ZAP
23	blacklist ${HOME}/.aMule	24	blacklist ${HOME}/.aMule
24	blacklist ${HOME}/.android	25	blacklist ${HOME}/.android
25	blacklist ${HOME}/.arduino15	26	blacklist ${HOME}/.arduino15


diff --git a/etc/zaproxy.profile b/etc/zaproxy.profile new file mode 100644 index 000000000..3cce79a2e --- /dev/null +++ b/etc/zaproxy.profile
@@ -0,0 +1,42 @@
		1	# Firejail profile for zaproxy
		2	# This file is overwritten after every install/update
		3	# Persistent local customizations
		4	include /etc/firejail/zaproxy.local
		5	# Persistent global definitions
		6	include /etc/firejail/globals.local
		7
		8	noblacklist ${HOME}/.java
		9	noblacklist ${HOME}/.ZAP
		10
		11	include /etc/firejail/disable-common.inc
		12	include /etc/firejail/disable-devel.inc
		13	include /etc/firejail/disable-passwdmgr.inc
		14	include /etc/firejail/disable-programs.inc
		15
		16	mkdir ${HOME}/.ZAP
		17	whitelist ${HOME}/.java
		18	whitelist ${HOME}/.ZAP
		19	include /etc/firejail/whitelist-common.inc
		20	include /etc/firejail/whitelist-var-common.inc
		21
		22	caps.drop all
		23	ipc-namespace
		24	netfilter
		25	no3d
		26	nodvd
		27	nogroups
		28	nonewprivs
		29	noroot
		30	nosound
		31	notv
		32	novideo
		33	protocol unix,inet,inet6
		34	seccomp
		35	shell none
		36
		37	disable-mnt
		38	private-dev
		39	private-tmp
		40
		41	noexec ${HOME}
		42	noexec /tmp