From 19c2c137bf99210f4ba48af57b3c9ac0624debd0 Mon Sep 17 00:00:00 2001
From: netblue30
Date: Thu, 15 Jun 2017 20:53:29 -0400
Subject: curl profile
---
 README.md | 5 +++++
 RELNOTES | 1 +
 etc/curl.profile | 35 +++++++++++++++++++++++++++++++++++
 etc/disable-programs.inc | 2 ++
 etc/wget.profile | 1 +
 platform/debian/conffiles | 1 +
 6 files changed, 45 insertions(+)
 create mode 100644 etc/curl.profile
diff --git a/README.md b/README.md
index fa5b9199f..bc0ba475a 100644
--- a/README.md
+++ b/README.md
@@ -63,3 +63,8 @@ Use this issue to request new profiles: https://github.com/netblue30/firejail/is
 `````
 # Current development version: 0.9.49
+
+## New profiles:
+
+curl
+
diff --git a/RELNOTES b/RELNOTES
index 684a0c731..b7a0c49e7 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -1,5 +1,6 @@
 firejail (0.9.49) baseline; urgency=low
 * work in progress!
+ * new profiles: curl
 * bugfixes
 -- netblue30 Mon, 12 Jun 2017 20:00:00 -0500
diff --git a/etc/curl.profile b/etc/curl.profile
new file mode 100644
index 000000000..58b5f050a
--- /dev/null
+++ b/etc/curl.profile
@@ -0,0 +1,35 @@
+quiet
+# Persistent global definitions go here
+include /etc/firejail/globals.local
+
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/curl.local
+
+# curl profile
+noblacklist ~/.curlrc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+#ipc-namespace
+netfilter
+no3d
+nogroups
+nonewprivs
+noroot
+nosound
+protocol unix,inet,inet6
+seccomp
+shell none
+
+blacklist /tmp/.X11-unix
+
+# private-bin curl
+private-dev
+# private-etc resolv.conf
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 41889cc5f..4d77218de 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
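Review bot: `noblacklist ~/.curlrc` in the new etc/curl.profile lifts the blacklist that this commit adds to disable-programs.inc, but as far as the visible lines show it leaves the file writable inside the sandbox; .curlrc can carry credentials and default options, and curl only needs to read it. Unless one of the included .inc files already covers it (not visible in this patch), add `read-only ${HOME}/.curlrc` after the three includes, and write the exception as `noblacklist ${HOME}/.curlrc` so it matches the `blacklist ${HOME}/.curlrc` spelling. The same applies to `noblacklist ~/.wgetrc` in the etc/wget.profile hunk. The commented-out `# private-bin curl` and `# private-etc resolv.conf` lines give no reason for being disabled; a short comment would help, since a private-etc list holding only resolv.conf would presumably also hide the system CA certificates that HTTPS verification relies on.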
@@ -170,6 +170,7 @@ blacklist ${HOME}/.config/xviewer
 blacklist ${HOME}/.config/zathura
 blacklist ${HOME}/.config/zoomus.conf
 blacklist ${HOME}/.conkeror.mozdev.org
+blacklist ${HOME}/.curlrc
 blacklist ${HOME}/.dia
 blacklist ${HOME}/.dillo
 blacklist ${HOME}/.dosbox
@@ -339,6 +340,7 @@ blacklist ${HOME}/.vst
 blacklist ${HOME}/.w3m
 blacklist ${HOME}/.warzone2100-3.*
 blacklist ${HOME}/.weechat
+blacklist ${HOME}/.wgetrc
 blacklist ${HOME}/.wine
 blacklist ${HOME}/.wine64
 blacklist ${HOME}/.xiphos
diff --git a/etc/wget.profile b/etc/wget.profile
index 306ec4417..801e034ea 100644
--- a/etc/wget.profile
+++ b/etc/wget.profile
@@ -7,6 +7,7 @@ include /etc/firejail/globals.local
 include /etc/firejail/wget.local
 # wget profile
+noblacklist ~/.wgetrc
 include /etc/firejail/disable-common.inc
 include /etc/firejail/disable-programs.inc
 include /etc/firejail/disable-passwdmgr.inc
diff --git a/platform/debian/conffiles b/platform/debian/conffiles
index 7d36714c1..1fb8c86e7 100644
--- a/platform/debian/conffiles
+++ b/platform/debian/conffiles
@@ -307,3 +307,4 @@
 /etc/firejail/darktable.profile
 /etc/firejail/waterfox.profile
 /etc/firejail/handbrake.profile
+/etc/firejail/curl.profile
--
cgit v1.2.3-70-g09d2