-rw-r--r-- | etc/transmission-cli.profile | 11 | ||||
-rw-r--r-- | etc/transmission-create.profile | 12 | ||||
-rw-r--r-- | etc/transmission-daemon.profile | 45 | ||||
-rw-r--r-- | etc/transmission-edit.profile | 12 | ||||
-rw-r--r-- | etc/transmission-gtk.profile | 4 | ||||
-rw-r--r-- | etc/transmission-qt.profile | 4 | ||||
-rw-r--r-- | etc/transmission-remote-cli.profile | 28 | ||||
-rw-r--r-- | etc/transmission-remote-gtk.profile | 21 | ||||
-rw-r--r-- | etc/transmission-remote.profile | 44 | ||||
-rw-r--r-- | etc/transmission-show.profile | 7 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
11 files changed, 184 insertions, 5 deletions
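--- a/etc/transmission-cli.profile
+++ b/etc/transmission-cli.profile
@@ -1,5 +1,5 @@
 # Firejail profile for transmission-cli
-# Description: Lightweight BitTorrent client
+# Description: Fast, easy and free BitTorrent client (CLI tools and web client)
 # This file is overwritten after every install/update
 quiet
 # Persistent local customizations
@@ -16,9 +16,11 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+apparmor
 caps.drop all
 machine-id
 netfilter
+nodbus
 nodvd
 nonewprivs
 noroot
@@ -26,14 +28,17 @@ nosound
 notv
 nou2f
 novideo
-protocol unix,inet,inet6
+protocol inet,inet6
 seccomp
 shell none
 tracelog
 
 # private-bin transmission-cli
 private-dev
-private-etc alternatives,ca-certificates,ssl,pki,crypto-policies
+private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
+private-lib
 private-tmp
 
 memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp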
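Review bot: The context line `# private-bin transmission-cli` stays commented out with no explanation, and after this commit transmission-create.profile and transmission-edit.profile both redirect to this file. If a later hardening pass enabled it as written, it would presumably hide the transmission-create and transmission-edit binaries from their own sandboxes. A short comment above it would prevent that, for example `# private-bin: transmission-create/-edit redirect here; list their binaries too before enabling`.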
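--- /dev/null
+++ b/etc/transmission-create.profile
@@ -0,0 +1,12 @@
+# Firejail profile for transmission-create
+# Description: CLI utility to create BitTorrent .torrent files
+# This file is overwritten after every install/update
+# Persistent local customizations
+include transmission-create.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+
+# Redirect
+include transmission-cli.profile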
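Review bot: Redirecting to transmission-cli.profile gives this offline utility the network access of a BitTorrent client, because the included profile sets `netfilter` and `protocol inet,inet6` and never `net none`. Building a .torrent file should not need any sockets, and transmission-show.profile in this same commit already runs with `net none`. Consider redirecting there instead with `include transmission-show.profile`, provided the rest of that profile (not fully visible here) still lets the tool write its output file. transmission-edit.profile uses the same redirect and has the same problem.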
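--- /dev/null
+++ b/etc/transmission-daemon.profile
@@ -0,0 +1,45 @@
+# Firejail profile for transmission-daemon
+# Description: Fast, easy and free BitTorrent client (daemon)
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include transmission-daemon.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/transmission
+noblacklist ${HOME}/.config/transmission
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+apparmor
+caps.drop all
+machine-id
+netfilter
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol inet,inet6
+seccomp
+shell none
+tracelog
+
+# private-bin transmission-daemon
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
+private-lib
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp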
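Review bot: The daemon is the long-running, network-facing component, yet this profile has no `whitelist` lines, so everything in ${HOME} that the disable-*.inc files do not blacklist stays readable and writable. Only `noexec ${HOME}` limits it. The transmission-remote-cli and transmission-remote-gtk profiles in this commit do confine home with `mkdir`/`whitelist` on the transmission directories; the same pattern here, plus something like `whitelist ${DOWNLOADS}` for the download location, would bound what a compromised daemon can touch. Also check the two `noblacklist` paths: as far as I know transmission-daemon keeps its state under a `transmission-daemon` config directory by default rather than `transmission`, so these lines may not match what the daemon actually opens.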
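--- /dev/null
+++ b/etc/transmission-edit.profile
@@ -0,0 +1,12 @@
+# Firejail profile for transmission-edit
+# Description: CLI utility to modify BitTorrent .torrent files' announce URLs
+# This file is overwritten after every install/update
+# Persistent local customizations
+include transmission-edit.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+
+# Redirect
+include transmission-cli.profile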
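--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
@@ -1,5 +1,5 @@
 # Firejail profile for transmission-gtk
-# Description: Lightweight BitTorrent client
+# Description: Fast, easy and free BitTorrent client (GTK GUI)
 # This file is overwritten after every install/update
 # Persistent local customizations
 include transmission-gtk.local
@@ -47,3 +47,5 @@ private-tmp
 
 # Causes freeze during opening file dialog in Archlinux, see issue #1855
 # memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp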
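--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
@@ -1,5 +1,5 @@
 # Firejail profile for transmission-qt
-# Description: Lightweight BitTorrent client
+# Description: Fast, easy and free BitTorrent client (Qt GUI)
 # This file is overwritten after every install/update
 # Persistent local customizations
 include transmission-qt.local
@@ -46,3 +46,5 @@ private-dev
 private-tmp
 
 # memory-deny-write-execute - problems on Qt 5.10.0, KDE Frameworks 5.41.0
+noexec ${HOME}
+noexec /tmp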
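--- /dev/null
+++ b/etc/transmission-remote-cli.profile
@@ -0,0 +1,28 @@
+# Firejail profile for transmission-remote-cli
+# Description: A remote control utility for transmission-daemon (CLI)
+# This file is overwritten after every install/update
+# Persistent local customizations
+include transmission-remote-cli.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+# Allow python (disabled by disable-interpreters.inc)
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+
+mkdir ${HOME}/.cache/transmission
+mkdir ${HOME}/.config/transmission
+whitelist ${HOME}/.cache/transmission
+whitelist ${HOME}/.config/transmission
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+# private-bin python*
+private-etc fonts
+
+
+# Redirect
+include transmission-remote.profile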
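--- /dev/null
+++ b/etc/transmission-remote-gtk.profile
@@ -0,0 +1,21 @@
+# Firejail profile for transmission-remote-gtk
+# Description: A remote control utility for transmission-daemon (GTK GUI)
+# This file is overwritten after every install/update
+# Persistent local customizations
+include transmission-remote-gtk.local
+# Persistent global definitions
+# added by included profile
+#include globals.local
+
+mkdir ${HOME}/.cache/transmission
+mkdir ${HOME}/.config/transmission
+whitelist ${HOME}/.cache/transmission
+whitelist ${HOME}/.config/transmission
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+private-etc fonts
+
+
+# Redirect
+include transmission-remote.profile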
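--- /dev/null
+++ b/etc/transmission-remote.profile
@@ -0,0 +1,44 @@
+# Firejail profile for transmission-remote
+# Description: A remote control utility for transmission-daemon (CLI)
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include transmission-remote.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/transmission
+noblacklist ${HOME}/.config/transmission
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+apparmor
+caps.drop all
+machine-id
+net none
+nodbus
+nodvd
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+
+# private-bin transmission-remote
+private-dev
+private-etc alternatives
+private-lib
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp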
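Review bot: `net none` together with `protocol unix` appears to leave this client no way to reach a daemon. As far as I know transmission-remote talks to transmission-daemon's RPC interface over TCP, and `net none` puts the sandbox in a fresh network namespace whose loopback is not the host's. A profile that breaks the tool tends to get the sandbox switched off altogether, so it is safer to allow exactly what is needed, e.g. `netfilter` and `protocol inet,inet6` as transmission-cli.profile does. transmission-remote-cli.profile and transmission-remote-gtk.profile redirect here and inherit both lines; the GTK front end would presumably also need `unix` kept in its protocol list for the display connection.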
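--- a/etc/transmission-show.profile
+++ b/etc/transmission-show.profile
@@ -1,4 +1,5 @@
 # Firejail profile for transmission-show
+# Description: CLI utility to show BitTorrent .torrent file metadata
 # This file is overwritten after every install/update
 # Persistent local customizations
 include transmission-show.local
@@ -14,6 +15,7 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 
+apparmor
 caps.drop all
 machine-id
 net none
@@ -32,4 +34,9 @@ tracelog
 
 private-dev
 private-etc alternatives
+private-lib
 private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp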
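--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -486,6 +486,7 @@ totem
 tracker
 transgui
 transmission-cli
+transmission-daemon
 transmission-gtk
 transmission-qt
 transmission-show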
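Review bot: Only `transmission-daemon` is added to the list, although the commit also ships new profiles for transmission-create, transmission-edit, transmission-remote, transmission-remote-cli and transmission-remote-gtk. The visible context runs straight from `transmission-cli` to `transmission-gtk` and from `transmission-qt` to `transmission-show`, so none of those names is present at its sorted position. firecfg would then create no symlinks for them, and they keep running unsandboxed when started by name. If that is deliberate it deserves a line in the commit message; otherwise add the entries in order, e.g. `transmission-create` after `transmission-cli`.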