5 files changed, 22 insertions, 7 deletions
diff --git a/etc/cpio.profile b/etc/cpio.profile
index f10b82962..b0e59c106 100644
--- a/etc/cpio.profile
+++ b/etc/cpio.profile
@@ -1,10 +1,21 @@
 # cpio profile
-# testing: find . -print -depth | cpio -ov > tree.cpio
+# /sbin and /usr/sbin are visible inside the sandbox
-include /etc/firejail/default.profile
+# /boot is not visible and /var is heavily modified 
-tracelog
+noblacklist /sbin
+noblacklist /usr/sbin
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+private-dev
+private-tmp
+seccomp
+caps.drop all
 net none
 shell none
-private-bin cpio
+tracelog
-private-dev
+net none
diff --git a/etc/gzip.profile b/etc/gzip.profile
index 3c9e8a9bf..8d35c9f66 100644
--- a/etc/gzip.profile
+++ b/etc/gzip.profile
@@ -4,3 +4,4 @@ tracelog
 net none
 shell none
 private-dev
+private-tmp
diff --git a/etc/strings.profile b/etc/strings.profile
index 8be9a5719..9bc67cfb8 100644
--- a/etc/strings.profile
+++ b/etc/strings.profile
@@ -4,3 +4,4 @@ tracelog
 net none
 shell none
 private-dev
+private-tmp
diff --git a/etc/xz.profile b/etc/xz.profile
new file mode 100644
index 000000000..709585acd
--- /dev/null
+++ b/etc/xz.profile
@@ -0,0 +1,2 @@
+# xz profile
+include /etc/firejail/cpio.profile
diff --git a/etc/xzdec.profile b/etc/xzdec.profile
index ade46dddd..1bff66965 100644
--- a/etc/xzdec.profile
+++ b/etc/xzdec.profile
@@ -1,7 +1,7 @@
-# XZ decompressor profile
+# xzdec profile
 include /etc/firejail/default.profile
 tracelog
 net none
 shell none
 private-dev
+private-tmp

diff --git a/etc/cpio.profile b/etc/cpio.profile index f10b82962..b0e59c106 100644 --- a/etc/cpio.profile +++ b/etc/cpio.profile
@@ -1,10 +1,21 @@
1	# cpio profile	1	# cpio profile
2	# testing: find . -print -depth \| cpio -ov > tree.cpio	2	# /sbin and /usr/sbin are visible inside the sandbox
3	include /etc/firejail/default.profile	3	# /boot is not visible and /var is heavily modified
4	tracelog	4
		5	noblacklist /sbin
		6	noblacklist /usr/sbin
		7	include /etc/firejail/disable-common.inc
		8	include /etc/firejail/disable-programs.inc
		9	include /etc/firejail/disable-passwdmgr.inc
		10
		11	private-dev
		12	private-tmp
		13	seccomp
		14	caps.drop all
5	net none	15	net none
6	shell none	16	shell none
7	private-bin cpio	17	tracelog
8	private-dev	18	net none
		19
9		20
10		21


diff --git a/etc/gzip.profile b/etc/gzip.profile index 3c9e8a9bf..8d35c9f66 100644 --- a/etc/gzip.profile +++ b/etc/gzip.profile
@@ -4,3 +4,4 @@ tracelog
4	net none	4	net none
5	shell none	5	shell none
6	private-dev	6	private-dev
		7	private-tmp


diff --git a/etc/strings.profile b/etc/strings.profile index 8be9a5719..9bc67cfb8 100644 --- a/etc/strings.profile +++ b/etc/strings.profile
@@ -4,3 +4,4 @@ tracelog
4	net none	4	net none
5	shell none	5	shell none
6	private-dev	6	private-dev
		7	private-tmp


diff --git a/etc/xz.profile b/etc/xz.profile new file mode 100644 index 000000000..709585acd --- /dev/null +++ b/etc/xz.profile
@@ -0,0 +1,2 @@
		1	# xz profile
		2	include /etc/firejail/cpio.profile


diff --git a/etc/xzdec.profile b/etc/xzdec.profile index ade46dddd..1bff66965 100644 --- a/etc/xzdec.profile +++ b/etc/xzdec.profile
@@ -1,7 +1,7 @@
1	# XZ decompressor profile	1	# xzdec profile
2	include /etc/firejail/default.profile	2	include /etc/firejail/default.profile
3	tracelog	3	tracelog
4	net none	4	net none
5	shell none	5	shell none
6	private-dev	6	private-dev
7		7	private-tmp