From 305ef5a886f430ae22a882bfef90c1578f0d7e70 Mon Sep 17 00:00:00 2001
From: rusty-snake
Date: Thu, 1 Aug 2019 11:28:36 +0200
Subject: rename rsync.profile to rsync-download_only.profile
---
etc/rsync-download_only.profile | 53 +++++++++++++++++++++++++++++++++++++++++
etc/rsync.profile | 53 -----------------------------------------
2 files changed, 53 insertions(+), 53 deletions(-)
create mode 100644 etc/rsync-download_only.profile
delete mode 100644 etc/rsync.profile
diff --git a/etc/rsync-download_only.profile b/etc/rsync-download_only.profile
new file mode 100644
index 000000000..b48a2fb85
--- /dev/null
+++ b/etc/rsync-download_only.profile
@@ -0,0 +1,53 @@
+# Firejail profile for rsync
+# Description: a fast, versatile, remote (and local) file-copying tool
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include rsync.local
+# Persistent global definitions
+include globals.local
+
+# Warning: This profile is writte to use rsync as an client for downloading,
+# it is not writen to use rsync as an daemon (rsync --daemon) or to create backups.
+
+blacklist /tmp/.X11-unix
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+# Uncomment or add to rsync.local to enable extra hardening
+#whitelist ${DOWNLOADS}
+include whitelist-var-common.inc
+
+caps.drop all
+ipc-namespace
+machine-id
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin rsync
+private-cache
+private-dev
+private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
+private-tmp
+
+memory-deny-write-execute
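Review bot: The renamed profile still reads `include rsync.local` and its header still says `# Firejail profile for rsync`, so local overrides for the download-only profile are resolved under the old name and the file no longer describes itself accurately. If this is meant to be a separate, opt-in profile, the include should follow the file name, `include rsync-download_only.local`, and the hardening hint should read `# Uncomment or add to rsync-download_only.local to enable extra hardening`. With etc/rsync.profile deleted in the same commit, a plain `firejail rsync` presumably no longer finds this profile by program name, so the restrictions listed here apply only when the profile is selected explicitly. That is worth stating in the commit message or release notes, so that users who relied on the old name know the sandbox they get has changed.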
diff --git a/etc/rsync.profile b/etc/rsync.profile
deleted file mode 100644
index b48a2fb85..000000000
--- a/etc/rsync.profile
+++ /dev/null
@@ -1,53 +0,0 @@
-# Firejail profile for rsync
-# Description: a fast, versatile, remote (and local) file-copying tool
-# This file is overwritten after every install/update
-quiet
-# Persistent local customizations
-include rsync.local
-# Persistent global definitions
-include globals.local
-
-# Warning: This profile is writte to use rsync as an client for downloading,
-# it is not writen to use rsync as an daemon (rsync --daemon) or to create backups.
-
-blacklist /tmp/.X11-unix
-
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-include disable-xdg.inc
-
-# Uncomment or add to rsync.local to enable extra hardening
-#whitelist ${DOWNLOADS}
-include whitelist-var-common.inc
-
-caps.drop all
-ipc-namespace
-machine-id
-netfilter
-no3d
-nodbus
-nodvd
-nogroups
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix,inet,inet6
-seccomp
-shell none
-tracelog
-
-disable-mnt
-private-bin rsync
-private-cache
-private-dev
-private-etc alternatives,ca-certificates,crypto-policies,host.conf,hostname,hosts,nsswitch.conf,pki,protocols,resolv.conf,rpc,services,ssl
-private-tmp
-
-memory-deny-write-execute
-- cgit v1.2.3-54-g00ecf