2 files changed, 50 insertions, 0 deletions
diff --git a/etc/gnome-nettool.profile b/etc/gnome-nettool.profile
new file mode 100644
index 000000000..585fb9a20
--- /dev/null
+++ b/etc/gnome-nettool.profile
@@ -0,0 +1,49 @@
+# Firejail profile for gnome-nettool
+# Description: Graphical interface for various networking tools
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gnome-nettool.local
+# Persistent global definitions
+include globals.local
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
+caps.keep net_raw
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+# ping needs to elevate privileges, noroot and nonewprivs will kill it
+#nonewprivs
+#noroot
+nosound
+notv
+nou2f
+novideo
+#seccomp
+#shell none
+disable-mnt
+#private-bin gnome-nettool
+private-cache
+private-dev
+#private-etc alternatives
+private-lib libbind9.so.*,libcrypto.so.*,libdns.so.*,libirs.so.*,liblua.so.*,libssh2.so.*,libssl.so.*
+private-tmp
+noexec ${HOME}
+noexec /tmp
+# never write anything
+read-only ${HOME}
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 11a147636..9664d2198 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -198,6 +198,7 @@ gnome-maps
 gnome-mplayer
 gnome-mpv
 gnome-music
+gnome-nettool
 gnome-photos
 gnome-recipes
 gnome-twitch

diff --git a/etc/gnome-nettool.profile b/etc/gnome-nettool.profile new file mode 100644 index 000000000..585fb9a20 --- /dev/null +++ b/etc/gnome-nettool.profile
@@ -0,0 +1,49 @@
		1	# Firejail profile for gnome-nettool
		2	# Description: Graphical interface for various networking tools
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include gnome-nettool.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	include disable-common.inc
		10	include disable-devel.inc
		11	include disable-interpreters.inc
		12	include disable-passwdmgr.inc
		13	include disable-programs.inc
		14	include disable-xdg.inc
		15
		16	include whitelist-common.inc
		17	include whitelist-var-common.inc
		18
		19	caps.keep net_raw
		20	ipc-namespace
		21	machine-id
		22	netfilter
		23	no3d
		24	nodbus
		25	nodvd
		26	nogroups
		27	# ping needs to elevate privileges, noroot and nonewprivs will kill it
		28	#nonewprivs
		29	#noroot
		30	nosound
		31	notv
		32	nou2f
		33	novideo
		34	#seccomp
		35	#shell none
		36
		37	disable-mnt
		38	#private-bin gnome-nettool
		39	private-cache
		40	private-dev
		41	#private-etc alternatives
		42	private-lib libbind9.so.,libcrypto.so.,libdns.so.,libirs.so.,liblua.so.,libssh2.so.,libssl.so.*
		43	private-tmp
		44
		45	noexec ${HOME}
		46	noexec /tmp
		47
		48	# never write anything
		49	read-only ${HOME}


diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 11a147636..9664d2198 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config
@@ -198,6 +198,7 @@ gnome-maps
198	gnome-mplayer	198	gnome-mplayer
199	gnome-mpv	199	gnome-mpv
200	gnome-music	200	gnome-music
		201	gnome-nettool
201	gnome-photos	202	gnome-photos
202	gnome-recipes	203	gnome-recipes
203	gnome-twitch	204	gnome-twitch