8 files changed, 131 insertions, 3 deletions
diff --git a/README.md b/README.md
index 3a76dbf50..89b85a09a 100644
--- a/README.md
+++ b/README.md
@@ -167,4 +167,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## New profiles
 Microsoft Office Online, riot-desktop, gnome-mpv, snox, gradio, standardnotes-desktop,
 shellcheck, patch, flameshot, rview, rvim, vimcat, vimdiff, vimpager, vimtutor,
-xxd, Beaker, electrum, clamtk, pybitmessage
+xxd, Beaker, electrum, clamtk, pybitmessage, dig, whois
diff --git a/RELNOTES b/RELNOTES
index cf9d95982..74c7551f5 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -19,7 +19,7 @@ firejail (0.9.56~rc1) baseline; urgency=low
  * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio,
  * new profiles: standardnotes-desktop, shellcheck, patch, flameshot,
  * new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd,
-  * new profiles: Beaker, electrum, clamtk, pybitmessage
+  * new profiles: Beaker, electrum, clamtk, pybitmessage, dig, whois
 -- netblue30 <netblue30@yahoo.com>  Sat, 11 Aug 2018 08:00:00 -0500
 firejail (0.9.54) baseline; urgency=low
diff --git a/etc/dig.profile b/etc/dig.profile
new file mode 100644
index 000000000..4b6ab0975
--- /dev/null
+++ b/etc/dig.profile
@@ -0,0 +1,47 @@
+quiet
+# Firejail profile for dig
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/dig.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+include /etc/firejail/disable-common.inc
+# include /etc/firejail/disable-devel.inc
+# include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+#include /etc/firejail/disable-xdg.inc
+whitelist ~/.digrc
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
+caps.drop all
+# ipc-namespace
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+disable-mnt
+private
+private-bin sh,bash,dig
+private-cache
+private-dev
+# private-etc resolv.conf
+private-lib
+private-tmp
+memory-deny-write-execute
+# noexec ${HOME}
+# noexec /tmp
diff --git a/etc/whois.profile b/etc/whois.profile
new file mode 100644
index 000000000..3ef2e1476
--- /dev/null
+++ b/etc/whois.profile
@@ -0,0 +1,45 @@
+quiet
+# Firejail profile for whois
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/whois.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+include /etc/firejail/disable-common.inc
+# include /etc/firejail/disable-devel.inc
+# include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+#include /etc/firejail/disable-xdg.inc
+include /etc/firejail/whitelist-var-common.inc
+caps.drop all
+# ipc-namespace
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol inet,inet6
+seccomp
+shell none
+disable-mnt
+private
+private-bin sh,bash,whois
+private-cache
+private-dev
+# private-etc hosts,services,whois.conf
+private-lib
+private-tmp
+memory-deny-write-execute
+# noexec ${HOME}
+# noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 0bbafb343..5ae1c28cd 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -94,6 +94,7 @@ deadbeef
 deluge
 dex2jar
 dia
+dig
 digikam
 dillo
 dino
@@ -442,6 +443,7 @@ weechat
 weechat-curses
 wesnoth
 wget
+whois
 wine
 wire-desktop
 wireshark
diff --git a/test/private-lib/dig.exp b/test/private-lib/dig.exp
new file mode 100755
index 000000000..6e03b0503
--- /dev/null
+++ b/test/private-lib/dig.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail dig 1.1.1.1\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Query time"
+}
+after 100
+puts "\nall done\n"
diff --git a/test/private-lib/private-lib.sh b/test/private-lib/private-lib.sh
index edf81917a..5d23ebe88 100755
--- a/test/private-lib/private-lib.sh
+++ b/test/private-lib/private-lib.sh
@@ -5,7 +5,7 @@
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
-LIST="evince galculator gnome-calculator gedit leafpad mousepad pluma transmission-gtk xcalc atril gpicview eom eog"
+LIST="dig whois evince galculator gnome-calculator gedit leafpad mousepad pluma transmission-gtk xcalc atril gpicview eom eog"
 for app in $LIST; do
diff --git a/test/private-lib/whois.exp b/test/private-lib/whois.exp
new file mode 100755
index 000000000..6807b7cc2
--- /dev/null
+++ b/test/private-lib/whois.exp
@@ -0,0 +1,17 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+send -- "firejail whois debian.org\r"
+expect {
+        timeout {puts "TESTING ERROR 0\n";exit}
+        "Domain Name"
+}
+after 100
+puts "\nall done\n"

diff --git a/README.md b/README.md index 3a76dbf50..89b85a09a 100644 --- a/README.md +++ b/README.md
@@ -167,4 +167,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
167	## New profiles	167	## New profiles
168	Microsoft Office Online, riot-desktop, gnome-mpv, snox, gradio, standardnotes-desktop,	168	Microsoft Office Online, riot-desktop, gnome-mpv, snox, gradio, standardnotes-desktop,
169	shellcheck, patch, flameshot, rview, rvim, vimcat, vimdiff, vimpager, vimtutor,	169	shellcheck, patch, flameshot, rview, rvim, vimcat, vimdiff, vimpager, vimtutor,
170	xxd, Beaker, electrum, clamtk, pybitmessage	170	xxd, Beaker, electrum, clamtk, pybitmessage, dig, whois


diff --git a/RELNOTES b/RELNOTES index cf9d95982..74c7551f5 100644 --- a/RELNOTES +++ b/RELNOTES
@@ -19,7 +19,7 @@ firejail (0.9.56~rc1) baseline; urgency=low
19	* new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio,	19	* new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio,
20	* new profiles: standardnotes-desktop, shellcheck, patch, flameshot,	20	* new profiles: standardnotes-desktop, shellcheck, patch, flameshot,
21	* new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd,	21	* new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd,
22	* new profiles: Beaker, electrum, clamtk, pybitmessage	22	* new profiles: Beaker, electrum, clamtk, pybitmessage, dig, whois
23	-- netblue30 <netblue30@yahoo.com> Sat, 11 Aug 2018 08:00:00 -0500	23	-- netblue30 <netblue30@yahoo.com> Sat, 11 Aug 2018 08:00:00 -0500
24		24
25	firejail (0.9.54) baseline; urgency=low	25	firejail (0.9.54) baseline; urgency=low


diff --git a/etc/dig.profile b/etc/dig.profile new file mode 100644 index 000000000..4b6ab0975 --- /dev/null +++ b/etc/dig.profile
@@ -0,0 +1,47 @@
		1	quiet
		2	# Firejail profile for dig
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include /etc/firejail/dig.local
		6	# Persistent global definitions
		7	include /etc/firejail/globals.local
		8
		9	include /etc/firejail/disable-common.inc
		10	# include /etc/firejail/disable-devel.inc
		11	# include /etc/firejail/disable-interpreters.inc
		12	include /etc/firejail/disable-passwdmgr.inc
		13	include /etc/firejail/disable-programs.inc
		14	#include /etc/firejail/disable-xdg.inc
		15
		16	whitelist ~/.digrc
		17	include /etc/firejail/whitelist-common.inc
		18	include /etc/firejail/whitelist-var-common.inc
		19
		20	caps.drop all
		21	# ipc-namespace
		22	netfilter
		23	no3d
		24	nodbus
		25	nodvd
		26	nogroups
		27	nonewprivs
		28	noroot
		29	nosound
		30	notv
		31	novideo
		32	protocol unix,inet,inet6
		33	seccomp
		34	shell none
		35
		36	disable-mnt
		37	private
		38	private-bin sh,bash,dig
		39	private-cache
		40	private-dev
		41	# private-etc resolv.conf
		42	private-lib
		43	private-tmp
		44
		45	memory-deny-write-execute
		46	# noexec ${HOME}
		47	# noexec /tmp


diff --git a/etc/whois.profile b/etc/whois.profile new file mode 100644 index 000000000..3ef2e1476 --- /dev/null +++ b/etc/whois.profile
@@ -0,0 +1,45 @@
		1	quiet
		2	# Firejail profile for whois
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include /etc/firejail/whois.local
		6	# Persistent global definitions
		7	include /etc/firejail/globals.local
		8
		9	include /etc/firejail/disable-common.inc
		10	# include /etc/firejail/disable-devel.inc
		11	# include /etc/firejail/disable-interpreters.inc
		12	include /etc/firejail/disable-passwdmgr.inc
		13	include /etc/firejail/disable-programs.inc
		14	#include /etc/firejail/disable-xdg.inc
		15
		16	include /etc/firejail/whitelist-var-common.inc
		17
		18	caps.drop all
		19	# ipc-namespace
		20	netfilter
		21	no3d
		22	nodbus
		23	nodvd
		24	nogroups
		25	nonewprivs
		26	noroot
		27	nosound
		28	notv
		29	novideo
		30	protocol inet,inet6
		31	seccomp
		32	shell none
		33
		34	disable-mnt
		35	private
		36	private-bin sh,bash,whois
		37	private-cache
		38	private-dev
		39	# private-etc hosts,services,whois.conf
		40	private-lib
		41	private-tmp
		42
		43	memory-deny-write-execute
		44	# noexec ${HOME}
		45	# noexec /tmp


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 0bbafb343..5ae1c28cd 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -94,6 +94,7 @@ deadbeef
94	deluge	94	deluge
95	dex2jar	95	dex2jar
96	dia	96	dia
		97	dig
97	digikam	98	digikam
98	dillo	99	dillo
99	dino	100	dino
@@ -442,6 +443,7 @@ weechat
442	weechat-curses	443	weechat-curses
443	wesnoth	444	wesnoth
444	wget	445	wget
		446	whois
445	wine	447	wine
446	wire-desktop	448	wire-desktop
447	wireshark	449	wireshark


diff --git a/test/private-lib/dig.exp b/test/private-lib/dig.exp new file mode 100755 index 000000000..6e03b0503 --- /dev/null +++ b/test/private-lib/dig.exp
@@ -0,0 +1,17 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2018 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail dig 1.1.1.1\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	"Query time"
		14	}
		15
		16	after 100
		17	puts "\nall done\n"


diff --git a/test/private-lib/private-lib.sh b/test/private-lib/private-lib.sh index edf81917a..5d23ebe88 100755 --- a/test/private-lib/private-lib.sh +++ b/test/private-lib/private-lib.sh
@@ -5,7 +5,7 @@
5		5
6	export MALLOC_CHECK_=3	6	export MALLOC_CHECK_=3
7	export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))	7	export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
8	LIST="evince galculator gnome-calculator gedit leafpad mousepad pluma transmission-gtk xcalc atril gpicview eom eog"	8	LIST="dig whois evince galculator gnome-calculator gedit leafpad mousepad pluma transmission-gtk xcalc atril gpicview eom eog"
9		9
10		10
11	for app in $LIST; do	11	for app in $LIST; do


diff --git a/test/private-lib/whois.exp b/test/private-lib/whois.exp new file mode 100755 index 000000000..6807b7cc2 --- /dev/null +++ b/test/private-lib/whois.exp
@@ -0,0 +1,17 @@
		1	#!/usr/bin/expect -f
		2	# This file is part of Firejail project
		3	# Copyright (C) 2014-2018 Firejail Authors
		4	# License GPL v2
		5
		6	set timeout 10
		7	spawn $env(SHELL)
		8	match_max 100000
		9
		10	send -- "firejail whois debian.org\r"
		11	expect {
		12	timeout {puts "TESTING ERROR 0\n";exit}
		13	"Domain Name"
		14	}
		15
		16	after 100
		17	puts "\nall done\n"