1 files changed, 50 insertions, 0 deletions
diff --git a/etc/profile-m-z/wireshark.profile b/etc/profile-m-z/wireshark.profile
new file mode 100644
index 000000000..d73e2e279
--- /dev/null
+++ b/etc/profile-m-z/wireshark.profile
@@ -0,0 +1,50 @@
+# Firejail profile for wireshark
+# Description: Network traffic analyzer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include wireshark.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/wireshark
+noblacklist ${HOME}/.wireshark
+noblacklist ${DOCUMENTS}
+# Allow lua (blacklisted by disable-interpreters.inc)
+include allow-lua.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+whitelist /usr/share/wireshark
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+apparmor
+# caps.drop all
+caps.keep dac_override,net_admin,net_raw
+netfilter
+no3d
+# nogroups - breaks network traffic capture for unprivileged users
+# nonewprivs - breaks network traffic capture for unprivileged users
+# noroot
+nodvd
+nosound
+notv
+nou2f
+novideo
+# protocol unix,inet,inet6,netlink
+# seccomp - breaks network traffic capture for unprivileged users
+shell none
+tracelog
+# private-bin wireshark
+private-dev
+# private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,machine-id,passwd,pki,ssl
+private-tmp

diff --git a/etc/profile-m-z/wireshark.profile b/etc/profile-m-z/wireshark.profile new file mode 100644 index 000000000..d73e2e279 --- /dev/null +++ b/etc/profile-m-z/wireshark.profile
@@ -0,0 +1,50 @@
	1	# Firejail profile for wireshark
	2	# Description: Network traffic analyzer
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include wireshark.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	noblacklist ${HOME}/.config/wireshark
	10	noblacklist ${HOME}/.wireshark
	11	noblacklist ${DOCUMENTS}
	12
	13	# Allow lua (blacklisted by disable-interpreters.inc)
	14	include allow-lua.inc
	15
	16	include disable-common.inc
	17	include disable-devel.inc
	18	include disable-exec.inc
	19	include disable-interpreters.inc
	20	include disable-passwdmgr.inc
	21	include disable-programs.inc
	22	include disable-xdg.inc
	23
	24	whitelist /usr/share/wireshark
	25	include whitelist-usr-share-common.inc
	26	include whitelist-var-common.inc
	27
	28	apparmor
	29	# caps.drop all
	30	caps.keep dac_override,net_admin,net_raw
	31	netfilter
	32	no3d
	33	# nogroups - breaks network traffic capture for unprivileged users
	34	# nonewprivs - breaks network traffic capture for unprivileged users
	35	# noroot
	36	nodvd
	37	nosound
	38	notv
	39	nou2f
	40	novideo
	41	# protocol unix,inet,inet6,netlink
	42	# seccomp - breaks network traffic capture for unprivileged users
	43	shell none
	44	tracelog
	45
	46	# private-bin wireshark
	47	private-dev
	48	# private-etc alternatives,ca-certificates,crypto-policies,fonts,group,hosts,machine-id,passwd,pki,ssl
	49	private-tmp
	50