4 files changed, 90 insertions, 2 deletions
diff --git a/README.md b/README.md
index 26e26612c..879a2eeed 100644
--- a/README.md
+++ b/README.md
@@ -111,4 +111,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## New profiles:
-klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks OpenArena, gnome-sound-recorder, godot
+klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks, OpenArena, gnome-sound-recorder, godot, tcpdump, tshark
diff --git a/RELNOTES b/RELNOTES
index 639f989eb..0ecb40688 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -3,7 +3,7 @@ firejail (0.9.61) baseline; urgency=low
  * profile templates
  * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks
  * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder
-  * new profiles: godot
+  * new profiles: godot, tcpdump, tshark
 -- netblue30 <netblue30@yahoo.com>  Sat, 1 Jun 2019 08:00:00 -0500
 firejail (0.9.60) baseline; urgency=low
diff --git a/etc/tcpdump.profile b/etc/tcpdump.profile
new file mode 100644
index 000000000..7713ac6c0
--- /dev/null
+++ b/etc/tcpdump.profile
@@ -0,0 +1,44 @@
+# Firejail profile for tcpdump
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include tcpdump.local
+# Persistent global definitions
+include globals.local
+noblacklist /sbin
+noblacklist /usr/sbin
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-common.inc
+caps.keep net_raw
+ipc-namespace
+#net tun0
+netfilter
+no3d
+nodvd
+#nogroups
+nonewprivs
+#noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6,netlink,packet
+seccomp
+disable-mnt
+#private
+#private-bin tcpdump
+private-dev
+#private-etc
+private-tmp
+memory-deny-write-execute
diff --git a/etc/tshark.profile b/etc/tshark.profile
new file mode 100644
index 000000000..52ee228a3
--- /dev/null
+++ b/etc/tshark.profile
@@ -0,0 +1,44 @@
+# Firejail profile for tshark
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include tshark.local
+# Persistent global definitions
+include globals.local
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-common.inc
+#caps.keep net_raw
+caps.keep dac_override,net_admin,net_raw
+ipc-namespace
+#net tun0
+netfilter
+no3d
+nodvd
+# nogroups - breaks network traffic capture for unprivileged users
+# nonewprivs - breaks network traffic capture for unprivileged users
+# noroot
+nosound
+notv
+nou2f
+novideo
+#protocol unix,inet,inet6,netlink,packet
+#seccomp
+disable-mnt
+#private
+private-cache
+#private-bin tshark
+private-dev
+#private-etc
+private-tmp
+# memory-deny-write-execute

diff --git a/README.md b/README.md index 26e26612c..879a2eeed 100644 --- a/README.md +++ b/README.md
@@ -111,4 +111,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
111		111
112	## New profiles:	112	## New profiles:
113		113
114	klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks OpenArena, gnome-sound-recorder, godot	114	klatexformula, klatexformula_cmdl, links, pandoc, qgis, teams-for-linux, xlinks, OpenArena, gnome-sound-recorder, godot, tcpdump, tshark


diff --git a/RELNOTES b/RELNOTES index 639f989eb..0ecb40688 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -3,7 +3,7 @@ firejail (0.9.61) baseline; urgency=low
3	* profile templates	3	* profile templates
4	* new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks	4	* new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks
5	* new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder	5	* new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder
6	* new profiles: godot	6	* new profiles: godot, tcpdump, tshark
7	-- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500	7	-- netblue30 <netblue30@yahoo.com> Sat, 1 Jun 2019 08:00:00 -0500
8		8
9	firejail (0.9.60) baseline; urgency=low	9	firejail (0.9.60) baseline; urgency=low


diff --git a/etc/tcpdump.profile b/etc/tcpdump.profile new file mode 100644 index 000000000..7713ac6c0 --- /dev/null +++ b/etc/tcpdump.profile
@@ -0,0 +1,44 @@
		1	# Firejail profile for tcpdump
		2	# This file is overwritten after every install/update
		3	quiet
		4	# Persistent local customizations
		5	include tcpdump.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist /sbin
		10	noblacklist /usr/sbin
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-exec.inc
		14	include disable-interpreters.inc
		15	include disable-passwdmgr.inc
		16	include disable-programs.inc
		17	include disable-xdg.inc
		18	include whitelist-common.inc
		19
		20	caps.keep net_raw
		21	ipc-namespace
		22	#net tun0
		23	netfilter
		24	no3d
		25	nodvd
		26	#nogroups
		27	nonewprivs
		28	#noroot
		29	nosound
		30	notv
		31	nou2f
		32	novideo
		33
		34	protocol unix,inet,inet6,netlink,packet
		35	seccomp
		36
		37	disable-mnt
		38	#private
		39	#private-bin tcpdump
		40	private-dev
		41	#private-etc
		42	private-tmp
		43
		44	memory-deny-write-execute


diff --git a/etc/tshark.profile b/etc/tshark.profile new file mode 100644 index 000000000..52ee228a3 --- /dev/null +++ b/etc/tshark.profile
@@ -0,0 +1,44 @@
		1	# Firejail profile for tshark
		2	# This file is overwritten after every install/update
		3	quiet
		4	# Persistent local customizations
		5	include tshark.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	include disable-common.inc
		10	include disable-devel.inc
		11	include disable-exec.inc
		12	include disable-interpreters.inc
		13	include disable-passwdmgr.inc
		14	include disable-programs.inc
		15	include disable-xdg.inc
		16	include whitelist-common.inc
		17
		18	#caps.keep net_raw
		19	caps.keep dac_override,net_admin,net_raw
		20	ipc-namespace
		21	#net tun0
		22	netfilter
		23	no3d
		24	nodvd
		25	# nogroups - breaks network traffic capture for unprivileged users
		26	# nonewprivs - breaks network traffic capture for unprivileged users
		27	# noroot
		28	nosound
		29	notv
		30	nou2f
		31	novideo
		32
		33	#protocol unix,inet,inet6,netlink,packet
		34	#seccomp
		35
		36	disable-mnt
		37	#private
		38	private-cache
		39	#private-bin tshark
		40	private-dev
		41	#private-etc
		42	private-tmp
		43
		44	# memory-deny-write-execute