creating alpine.profile (#4350)

* firecfg.config alpine * Create alpinef.profile * Create alpine.profile * disable-programs.inc alpine * workaround in comment * Update etc/profile-a-l/alpine.profile Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com> * deactivating whitelists in ${HOME} * comment Co-authored-by: rusty-snake <41237666+rusty-snake@users.noreply.github.com>
author: pirate486743186 <okgomdjgbmoij@gmail.com> 2021-06-21 14:25:19 +0200
committer: GitHub <noreply@github.com> 2021-06-21 12:25:19 +0000
commit: 1ca9046cf13b1aa161d3983157617e99b1053d63 (patch)
tree: 3f5b31c5d1a85a60c168c2a766dda5cc708566e8 /etc
parent: testing (diff)
download: firejail-1ca9046cf13b1aa161d3983157617e99b1053d63.tar.gz
firejail-1ca9046cf13b1aa161d3983157617e99b1053d63.tar.zst
firejail-1ca9046cf13b1aa161d3983157617e99b1053d63.zip
3 files changed, 128 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 6fb62e017..0e575e5eb 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -39,6 +39,8 @@ blacklist ${HOME}/.WebStorm*
 blacklist ${HOME}/.Wolfram Research
 blacklist ${HOME}/.ZAP
 blacklist ${HOME}/.abook
+blacklist ${HOME}/.addressbook
+blacklist ${HOME}/.alpine-smime
 blacklist ${HOME}/.aMule
 blacklist ${HOME}/.android
 blacklist ${HOME}/.anydesk
@@ -831,6 +833,14 @@ blacklist ${HOME}/.paradoxinteractive
 blacklist ${HOME}/.parallelrealities/blobwars
 blacklist ${HOME}/.pcsxr
 blacklist ${HOME}/.penguin-command
+blacklist ${HOME}/.pine-crash
+blacklist ${HOME}/.pine-debug1
+blacklist ${HOME}/.pine-debug2
+blacklist ${HOME}/.pine-debug3
+blacklist ${HOME}/.pine-debug4
+blacklist ${HOME}/.pine-interrupted-mail
+blacklist ${HOME}/.pinerc
+blacklist ${HOME}/.pinercex
 blacklist ${HOME}/.pingus
 blacklist ${HOME}/.pioneer
 blacklist ${HOME}/.purple
diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile
new file mode 100644
index 000000000..0b5cf0df0
--- /dev/null
+++ b/etc/profile-a-l/alpine.profile
@@ -0,0 +1,104 @@
+# Firejail profile for alpine
+# Description: Text-based email and newsgroups reader
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include alpine.local
+# Persistent global definitions
+include globals.local
+# Workaround for bug https://github.com/netblue30/firejail/issues/2747
+# firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)'
+noblacklist /var/mail
+noblacklist /var/spool/mail
+noblacklist ${DOCUMENTS}
+noblacklist ${HOME}/.addressbook
+noblacklist ${HOME}/.alpine-smime
+noblacklist ${HOME}/.mailcap
+noblacklist ${HOME}/.mh_profile
+noblacklist ${HOME}/.mime.types
+noblacklist ${HOME}/.newsrc
+noblacklist ${HOME}/.pine-crash
+noblacklist ${HOME}/.pine-debug1
+noblacklist ${HOME}/.pine-debug2
+noblacklist ${HOME}/.pine-debug3
+noblacklist ${HOME}/.pine-debug4
+noblacklist ${HOME}/.pine-interrupted-mail
+noblacklist ${HOME}/.pinerc
+noblacklist ${HOME}/.pinercex
+noblacklist ${HOME}/.signature
+noblacklist ${HOME}/mail
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+#whitelist ${DOCUMENTS}
+#whitelist ${DOWNLOADS}
+#whitelist ${HOME}/.addressbook
+#whitelist ${HOME}/.alpine-smime
+#whitelist ${HOME}/.mailcap
+#whitelist ${HOME}/.mh_profile
+#whitelist ${HOME}/.mime.types
+#whitelist ${HOME}/.newsrc
+#whitelist ${HOME}/.pine-crash
+#whitelist ${HOME}/.pine-interrupted-mail
+#whitelist ${HOME}/.pinerc
+#whitelist ${HOME}/.pinercex
+#whitelist ${HOME}/.pine-debug1
+#whitelist ${HOME}/.pine-debug2
+#whitelist ${HOME}/.pine-debug3
+#whitelist ${HOME}/.pine-debug4
+#whitelist ${HOME}/.signature
+#whitelist ${HOME}/mail
+whitelist /var/mail
+whitelist /var/spool/mail
+#include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodvd
+nogroups
+noinput
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+seccomp.block-secondary
+shell none
+tracelog
+disable-mnt
+private-bin alpine
+private-cache
+private-dev
+private-etc alternatives,c-client.cf,ca-certificates,crypto-policies,host.conf,hostname,hosts,krb5.keytab,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mailcap,mime.types,nsswitch.conf,passwd,pine.conf,pinerc.fixed,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg
+private-tmp
+writable-run-user
+writable-var
+dbus-user none
+dbus-system none
+memory-deny-write-execute
+read-only ${HOME}/.signature
diff --git a/etc/profile-a-l/alpinef.profile b/etc/profile-a-l/alpinef.profile
new file mode 100644
index 000000000..97b97fe5f
--- /dev/null
+++ b/etc/profile-a-l/alpinef.profile
@@ -0,0 +1,14 @@
+# Firejail profile for alpinef
+# Description: Text-based email and newsgroups reader using function keys
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include alpinef.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+private-bin alpinef
+# Redirect
+include alpine.profile
author	pirate486743186 <okgomdjgbmoij@gmail.com>	2021-06-21 14:25:19 +0200
committer	GitHub <noreply@github.com>	2021-06-21 12:25:19 +0000
commit	1ca9046cf13b1aa161d3983157617e99b1053d63 (patch)
tree	3f5b31c5d1a85a60c168c2a766dda5cc708566e8 /etc
parent	testing (diff)
download	firejail-1ca9046cf13b1aa161d3983157617e99b1053d63.tar.gz firejail-1ca9046cf13b1aa161d3983157617e99b1053d63.tar.zst firejail-1ca9046cf13b1aa161d3983157617e99b1053d63.zip

diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 6fb62e017..0e575e5eb 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc
@@ -39,6 +39,8 @@ blacklist ${HOME}/.WebStorm*
39	blacklist ${HOME}/.Wolfram Research	39	blacklist ${HOME}/.Wolfram Research
40	blacklist ${HOME}/.ZAP	40	blacklist ${HOME}/.ZAP
41	blacklist ${HOME}/.abook	41	blacklist ${HOME}/.abook
		42	blacklist ${HOME}/.addressbook
		43	blacklist ${HOME}/.alpine-smime
42	blacklist ${HOME}/.aMule	44	blacklist ${HOME}/.aMule
43	blacklist ${HOME}/.android	45	blacklist ${HOME}/.android
44	blacklist ${HOME}/.anydesk	46	blacklist ${HOME}/.anydesk
@@ -831,6 +833,14 @@ blacklist ${HOME}/.paradoxinteractive
831	blacklist ${HOME}/.parallelrealities/blobwars	833	blacklist ${HOME}/.parallelrealities/blobwars
832	blacklist ${HOME}/.pcsxr	834	blacklist ${HOME}/.pcsxr
833	blacklist ${HOME}/.penguin-command	835	blacklist ${HOME}/.penguin-command
		836	blacklist ${HOME}/.pine-crash
		837	blacklist ${HOME}/.pine-debug1
		838	blacklist ${HOME}/.pine-debug2
		839	blacklist ${HOME}/.pine-debug3
		840	blacklist ${HOME}/.pine-debug4
		841	blacklist ${HOME}/.pine-interrupted-mail
		842	blacklist ${HOME}/.pinerc
		843	blacklist ${HOME}/.pinercex
834	blacklist ${HOME}/.pingus	844	blacklist ${HOME}/.pingus
835	blacklist ${HOME}/.pioneer	845	blacklist ${HOME}/.pioneer
836	blacklist ${HOME}/.purple	846	blacklist ${HOME}/.purple


diff --git a/etc/profile-a-l/alpine.profile b/etc/profile-a-l/alpine.profile new file mode 100644 index 000000000..0b5cf0df0 --- /dev/null +++ b/etc/profile-a-l/alpine.profile
@@ -0,0 +1,104 @@
		1	# Firejail profile for alpine
		2	# Description: Text-based email and newsgroups reader
		3	# This file is overwritten after every install/update
		4	quiet
		5	# Persistent local customizations
		6	include alpine.local
		7	# Persistent global definitions
		8	include globals.local
		9
		10	# Workaround for bug https://github.com/netblue30/firejail/issues/2747
		11	# firejail --private-bin=sh --include='${CFG}/allow-bin-sh.inc' --profile=alpine sh -c '(alpine)'
		12
		13	noblacklist /var/mail
		14	noblacklist /var/spool/mail
		15	noblacklist ${DOCUMENTS}
		16	noblacklist ${HOME}/.addressbook
		17	noblacklist ${HOME}/.alpine-smime
		18	noblacklist ${HOME}/.mailcap
		19	noblacklist ${HOME}/.mh_profile
		20	noblacklist ${HOME}/.mime.types
		21	noblacklist ${HOME}/.newsrc
		22	noblacklist ${HOME}/.pine-crash
		23	noblacklist ${HOME}/.pine-debug1
		24	noblacklist ${HOME}/.pine-debug2
		25	noblacklist ${HOME}/.pine-debug3
		26	noblacklist ${HOME}/.pine-debug4
		27	noblacklist ${HOME}/.pine-interrupted-mail
		28	noblacklist ${HOME}/.pinerc
		29	noblacklist ${HOME}/.pinercex
		30	noblacklist ${HOME}/.signature
		31	noblacklist ${HOME}/mail
		32
		33	blacklist /tmp/.X11-unix
		34	blacklist ${RUNUSER}/wayland-*
		35
		36	include disable-common.inc
		37	include disable-devel.inc
		38	include disable-exec.inc
		39	include disable-interpreters.inc
		40	include disable-passwdmgr.inc
		41	include disable-programs.inc
		42	include disable-shell.inc
		43	include disable-xdg.inc
		44
		45	#whitelist ${DOCUMENTS}
		46	#whitelist ${DOWNLOADS}
		47	#whitelist ${HOME}/.addressbook
		48	#whitelist ${HOME}/.alpine-smime
		49	#whitelist ${HOME}/.mailcap
		50	#whitelist ${HOME}/.mh_profile
		51	#whitelist ${HOME}/.mime.types
		52	#whitelist ${HOME}/.newsrc
		53	#whitelist ${HOME}/.pine-crash
		54	#whitelist ${HOME}/.pine-interrupted-mail
		55	#whitelist ${HOME}/.pinerc
		56	#whitelist ${HOME}/.pinercex
		57	#whitelist ${HOME}/.pine-debug1
		58	#whitelist ${HOME}/.pine-debug2
		59	#whitelist ${HOME}/.pine-debug3
		60	#whitelist ${HOME}/.pine-debug4
		61	#whitelist ${HOME}/.signature
		62	#whitelist ${HOME}/mail
		63	whitelist /var/mail
		64	whitelist /var/spool/mail
		65	#include whitelist-common.inc
		66	include whitelist-runuser-common.inc
		67	include whitelist-usr-share-common.inc
		68	include whitelist-var-common.inc
		69
		70	apparmor
		71	caps.drop all
		72	ipc-namespace
		73	machine-id
		74	netfilter
		75	no3d
		76	nodvd
		77	nogroups
		78	noinput
		79	nonewprivs
		80	noroot
		81	nosound
		82	notv
		83	nou2f
		84	novideo
		85	protocol unix,inet,inet6
		86	seccomp
		87	seccomp.block-secondary
		88	shell none
		89	tracelog
		90
		91	disable-mnt
		92	private-bin alpine
		93	private-cache
		94	private-dev
		95	private-etc alternatives,c-client.cf,ca-certificates,crypto-policies,host.conf,hostname,hosts,krb5.keytab,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,mailcap,mime.types,nsswitch.conf,passwd,pine.conf,pinerc.fixed,pki,protocols,resolv.conf,rpc,services,ssl,terminfo,xdg
		96	private-tmp
		97	writable-run-user
		98	writable-var
		99
		100	dbus-user none
		101	dbus-system none
		102
		103	memory-deny-write-execute
		104	read-only ${HOME}/.signature


diff --git a/etc/profile-a-l/alpinef.profile b/etc/profile-a-l/alpinef.profile new file mode 100644 index 000000000..97b97fe5f --- /dev/null +++ b/etc/profile-a-l/alpinef.profile
@@ -0,0 +1,14 @@
		1	# Firejail profile for alpinef
		2	# Description: Text-based email and newsgroups reader using function keys
		3	# This file is overwritten after every install/update
		4	quiet
		5	# Persistent local customizations
		6	include alpinef.local
		7	# Persistent global definitions
		8	# added by included profile
		9	#include globals.local
		10
		11	private-bin alpinef
		12
		13	# Redirect
		14	include alpine.profile