8 files changed, 46 insertions, 0 deletions

diff --git a/Makefile.in b/Makefile.in
index 44833021e..50210fcd9 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -144,6 +144,7 @@ realinstall:
         install -c -m 0644 .etc/google-chrome.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/google-play-music-desktop-player.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/gpredict.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/gtar.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/gthumb.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/gwenview.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/gzip.profile $(DESTDIR)/$(sysconfdir)/firejail/.
@@ -201,6 +202,7 @@ realinstall:
         install -c -m 0644 .etc/steam.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/stellarium.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/strings.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/tar.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/telegram.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/thunderbird.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/totem.profile $(DESTDIR)/$(sysconfdir)/firejail/.
@@ -208,6 +210,8 @@ realinstall:
         install -c -m 0644 .etc/transmission-qt.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/uget-gtk.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/unbound.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/unrar.profile $(DESTDIR)/$(sysconfdir)/firejail/.
+        install -c -m 0644 .etc/unzip.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/uudeview.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/vivaldi-beta.profile $(DESTDIR)/$(sysconfdir)/firejail/.
         install -c -m 0644 .etc/vivaldi.profile $(DESTDIR)/$(sysconfdir)/firejail/.
diff --git a/README b/README
index 200a7ef72..76c0ed30d 100644
--- a/README
+++ b/README
@@ -34,6 +34,7 @@ Peter Hogg (https://github.com/pigmonkey)
 Thomas Jarosch (https://github.com/thomasjfox)
         - disable keepassx in disable-passwdmgr.inc
         - added uudeview profile
+        - added tar (gtar), unzip and unrar profile
         - improved profile list
 Niklas Haas (https://github.com/haasn)
         - blacklisting for keybase.io's client
diff --git a/README.md b/README.md
index 26dc2c4e3..faa647125 100644
--- a/README.md
+++ b/README.md
@@ -156,4 +156,5 @@ Browsers: Palemoon
 ## New security profiles
 
 Gitter, gThumb, mpv, Franz messenger, LibreOffice, pix, audacity, strings, xz, xzdec, gzip, cpio, less, Atom Beta, Atom, jitsi, eom, uudeview
+tar (gtar), unzip, unrar
 
diff --git a/etc/gtar.profile b/etc/gtar.profile
new file mode 100644
index 000000000..5dbc550f6
--- /dev/null
+++ b/etc/gtar.profile
@@ -0,0 +1 @@
+include /etc/firejail/tar.profile
diff --git a/etc/tar.profile b/etc/tar.profile
new file mode 100644
index 000000000..4ce3e59f0
--- /dev/null
+++ b/etc/tar.profile
@@ -0,0 +1,13 @@
+# tar profile
+include /etc/firejail/default.profile
+
+tracelog
+net none
+shell none
+
+# support compressed archives
+private-bin tar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop
+private-dev
+private-etc passwd,group,localtime
+hostname tar
+nosound
diff --git a/etc/unrar.profile b/etc/unrar.profile
new file mode 100644
index 000000000..ccd144699
--- /dev/null
+++ b/etc/unrar.profile
@@ -0,0 +1,11 @@
+# unrar profile
+include /etc/firejail/default.profile
+
+tracelog
+net none
+shell none
+private-bin unrar
+private-dev
+private-etc passwd,group,localtime
+hostname unrar
+nosound
diff --git a/etc/unzip.profile b/etc/unzip.profile
new file mode 100644
index 000000000..d4862004c
--- /dev/null
+++ b/etc/unzip.profile
@@ -0,0 +1,11 @@
+# unzip profile
+include /etc/firejail/default.profile
+
+tracelog
+net none
+shell none
+private-bin unzip
+private-dev
+private-etc passwd,group,localtime
+hostname unzip
+nosound
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 5367edfe5..d302c5732 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -50,6 +50,7 @@
 /etc/firejail/google-chrome.profile
 /etc/firejail/google-play-music-desktop-player.profile
 /etc/firejail/gpredict.profile
+/etc/firejail/gtar.profile
 /etc/firejail/gthumb.profile
 /etc/firejail/gwenview.profile
 /etc/firejail/gzip.profile
@@ -108,6 +109,7 @@
 /etc/firejail/steam.profile
 /etc/firejail/stellarium.profile
 /etc/firejail/strings.profile
+/etc/firejail/tar.profile
 /etc/firejail/telegram.profile
 /etc/firejail/thunderbird.profile
 /etc/firejail/totem.profile
@@ -115,6 +117,8 @@
 /etc/firejail/transmission-qt.profile
 /etc/firejail/uget-gtk.profile
 /etc/firejail/unbound.profile
+/etc/firejail/unrar.profile
+/etc/firejail/unzip.profile
 /etc/firejail/uudeview.profile
 /etc/firejail/vivaldi-beta.profile
 /etc/firejail/vivaldi.profile