3 files changed, 38 insertions, 0 deletions

diff --git a/etc/curl.profile b/etc/curl.profile
new file mode 100644
index 000000000..58b5f050a
--- /dev/null
+++ b/etc/curl.profile
@@ -0,0 +1,35 @@
+quiet
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/curl.local
+
+# curl profile
+noblacklist ~/.curlrc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+#ipc-namespace
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+shell none
+
+blacklist /tmp/.X11-unix
+
+# private-bin curl
+private-dev
+# private-etc resolv.conf
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 41889cc5f..4d77218de 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -170,6 +170,7 @@ blacklist ${HOME}/.config/xviewer
 blacklist ${HOME}/.config/zathura
 blacklist ${HOME}/.config/zoomus.conf
 blacklist ${HOME}/.conkeror.mozdev.org
+blacklist ${HOME}/.curlrc
 blacklist ${HOME}/.dia
 blacklist ${HOME}/.dillo
 blacklist ${HOME}/.dosbox
@@ -339,6 +340,7 @@ blacklist ${HOME}/.vst
 blacklist ${HOME}/.w3m
 blacklist ${HOME}/.warzone2100-3.*
 blacklist ${HOME}/.weechat
+blacklist ${HOME}/.wgetrc
 blacklist ${HOME}/.wine
 blacklist ${HOME}/.wine64
 blacklist ${HOME}/.xiphos
diff --git a/etc/wget.profile b/etc/wget.profile
index 306ec4417..801e034ea 100644
--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -7,6 +7,7 @@ include /etc/firejail/globals.local
 include /etc/firejail/wget.local
 
 # wget profile
+noblacklist ~/.wgetrc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc