From dcfb4b9522cf0cc074c36d73bf5eb108a658eee7 Mon Sep 17 00:00:00 2001
From: Tad
Date: Mon, 18 Sep 2017 12:19:15 -0400
Subject: Add a profile for ClamAV's clamscan
---
 etc/clamscan.profile | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 etc/clamscan.profile
(limited to 'etc/clamscan.profile')
diff --git a/etc/clamscan.profile b/etc/clamscan.profile
new file mode 100644
index 000000000..2fd10171f
--- /dev/null
+++ b/etc/clamscan.profile
@@ -0,0 +1,32 @@
+# Firejail profile for clamscan
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/clamscan.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+x11 none
+
+private-dev
+read-only ${HOME}
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
-- 
cgit v1.2.3-70-g09d2
From ae5948cb84bd1327ab9f6f0577fd75bfe9a74787 Mon Sep 17 00:00:00 2001
From: Tad
Date: Mon, 18 Sep 2017 14:27:58 -0400
Subject: Add a profile for clamdscan, clamdtop, and freshclam
---
 etc/clamav.profile | 32 ++++++++++++++++++++++++++++++++
 etc/clamdscan.profile | 6 ++++++
 etc/clamdtop.profile | 6 ++++++
 etc/clamscan.profile | 32 +++-----------------------------
 etc/freshclam.profile | 34 ++++++++++++++++++++++++++++++++++
 src/firecfg/firecfg.config | 3 +++
 6 files changed, 84 insertions(+), 29 deletions(-)
 create mode 100644 etc/clamav.profile
 create mode 100644 etc/clamdscan.profile
 create mode 100644 etc/clamdtop.profile
 create mode 100644 etc/freshclam.profile
(limited to 'etc/clamscan.profile')
diff --git a/etc/clamav.profile b/etc/clamav.profile
new file mode 100644
index 000000000..a5aacc1d5
--- /dev/null
+++ b/etc/clamav.profile
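Review bot: `read-only ${HOME}` near the end of etc/clamscan.profile means clamscan cannot act on a detection inside the home directory: `--remove`, `--move=DIR` or a `--log=FILE` target under ${HOME} would presumably fail under this profile, so an infected file is reported but stays in place. The profile gives no hint of this, and a short comment above the line would help, for example `# ${HOME} is read-only: --remove/--move/--log targets inside the home directory will fail under this profile`. The same block is carried into etc/clamav.profile by the following commit, so the comment applies there too.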
@@ -0,0 +1,32 @@
+# Firejail profile for clamav
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/clamav.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+
+caps.drop all
+ipc-namespace
+net none
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix
+seccomp
+shell none
+tracelog
+x11 none
+
+private-dev
+read-only ${HOME}
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/clamdscan.profile b/etc/clamdscan.profile
new file mode 100644
index 000000000..1fc728206
--- /dev/null
+++ b/etc/clamdscan.profile
@@ -0,0 +1,6 @@
+# Firejail profile alias for clamav
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/clamav.profile
diff --git a/etc/clamdtop.profile b/etc/clamdtop.profile
new file mode 100644
index 000000000..1fc728206
--- /dev/null
+++ b/etc/clamdtop.profile
@@ -0,0 +1,6 @@
+# Firejail profile alias for clamav
+# This file is overwritten after every install/update
+
+
+# Redirect
+include /etc/firejail/clamav.profile
diff --git a/etc/clamscan.profile b/etc/clamscan.profile
index 2fd10171f..1fc728206 100644
--- a/etc/clamscan.profile
+++ b/etc/clamscan.profile
@@ -1,32 +1,6 @@
-# Firejail profile for clamscan
+# Firejail profile alias for clamav
 # This file is overwritten after every install/update
-quiet
-# Persistent local customizations
-include /etc/firejail/clamscan.local
-# Persistent global definitions
-include /etc/firejail/globals.local


-caps.drop all
-ipc-namespace
-net none
-no3d
-nodvd
-nogroups
-nonewprivs
-noroot
-nosound
-notv
-novideo
-protocol unix
-seccomp
-shell none
-tracelog
-x11 none
-
-private-dev
-read-only ${HOME}
-
-memory-deny-write-execute
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include /etc/firejail/clamav.profile
diff --git a/etc/freshclam.profile b/etc/freshclam.profile
new file mode 100644
index 000000000..08eac5595
--- /dev/null
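Review bot: The alias hunks for etc/clamdscan.profile and etc/clamdtop.profile pull in etc/clamav.profile, whose `net none` and `protocol unix` leave only a pathname unix socket for reaching clamd, so a setup where clamd listens on TCP would presumably stop working for both clients. It is also worth documenting that these two programs are clients: unless clamdscan is run with `--fdpass` or `--stream`, the file parsing happens in the clamd daemon, which this profile does not confine. A comment in clamav.profile such as `# clamdscan/clamdtop: only a local unix socket to clamd is reachable (net none); clamd itself is not sandboxed by this profile` would make both limits visible.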
+++ b/etc/freshclam.profile
@@ -0,0 +1,34 @@
+# Firejail profile for freshclam
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/clamav.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+
+caps.keep setgid,setuid
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private
+private-dev
+private-tmp
+writable-var
+writable-var-log
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index e623a1aa2..600743a41 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -41,6 +41,8 @@ catfish
 cherrytree
 chromium
 chromium-browser
+clamdscan
+clamdtop
 clamscan
 claws-mail
 clementine
@@ -86,6 +88,7 @@ flashpeak-slimjet
 flowblade
 fontforge
 franz
+freshclam
 frozen-bubble
 gajim
 galculator
-- 
cgit v1.2.3-70-g09d2
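Review bot: The local-customization include in etc/freshclam.profile reads `include /etc/firejail/clamav.local`, the same override file that etc/clamav.profile includes, which looks like a copy-paste from that profile. The two sandboxes have opposite network policies (`net none` for the scanners, `protocol unix,inet,inet6` for the updater), so an override written for one would also be applied to the other. Following the per-program naming the first commit used for clamscan, the line should be `include /etc/firejail/freshclam.local`. Separately, `netfilter` only takes effect when a new network namespace is created, which this profile does not configure; a comment saying so would avoid the impression that freshclam's traffic is filtered.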