From a9b9cbfd98a6539fba30078374800791ed39b301 Mon Sep 17 00:00:00 2001
From: glitsj16
Date: Wed, 21 Aug 2019 21:50:32 +0000
Subject: Refactor transmission profiles (#2920)
* Refactor transmission-cli
* Create transmission-common.profile
* Refactor transmission-create
* Refactor transmission-daemon
* Refactor transmission-edit
* Refactor transmission-gtk
* Refactor transmission-qt
* Refactor transmission-remote-cli
* Refactor transmission-remote-gtk
* Refactor transmission-remote
* Refactor transmission-show
---
etc/transmission-cli.profile | 38 ++++------------------------
etc/transmission-common.profile | 49 +++++++++++++++++++++++++++++++++++++
etc/transmission-create.profile | 4 ++-
etc/transmission-daemon.profile | 43 +++++++++-----------------------
etc/transmission-edit.profile | 4 ++-
etc/transmission-gtk.profile | 48 ++++++------------------------------
etc/transmission-qt.profile | 48 +++++++-----------------------------
etc/transmission-remote-cli.profile | 11 ++-------
etc/transmission-remote-gtk.profile | 18 ++++++++------
etc/transmission-remote.profile | 38 ++++------------------------
etc/transmission-show.profile | 38 +++++----------------------
11 files changed, 110 insertions(+), 229 deletions(-)
create mode 100644 etc/transmission-common.profile
(limited to 'etc')
diff --git a/etc/transmission-cli.profile b/etc/transmission-cli.profile
index 60732bcf2..d41b994a3 100644
--- a/etc/transmission-cli.profile
+++ b/etc/transmission-cli.profile
@@ -5,39 +5,11 @@ quiet
 # Persistent local customizations
 include transmission-cli.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
-noblacklist ${HOME}/.cache/transmission
-noblacklist ${HOME}/.config/transmission
-
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-
-apparmor
-caps.drop all
-machine-id
-netfilter
-nodbus
-nodvd
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol inet,inet6
-seccomp
-shell none
-tracelog
-
-# private-bin transmission-cli
-private-dev
+#private-bin transmission-cli
 private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
-private-lib
-private-tmp
-memory-deny-write-execute
+# Redirect
+include transmission-common.profile
diff --git a/etc/transmission-common.profile b/etc/transmission-common.profile
new file mode 100644
index 000000000..e786fa8a3
--- /dev/null
+++ b/etc/transmission-common.profile
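Review bot: In etc/transmission-cli.profile the removal of `protocol inet,inet6` widens the socket filter rather than just moving it, because the included transmission-common.profile sets `protocol unix,inet,inet6`. The daemon, remote and show hunks drop the same line, so four command-line tools gain AF_UNIX that they did not have before. If only the GUI front-ends need it, keep `protocol inet,inet6` in these profiles above `include transmission-common.profile`; as far as I know firejail keeps the first protocol list it reads, but that is worth confirming.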
@@ -0,0 +1,49 @@
+# Firejail profile for transmission-common
+# Description: Fast, easy and free BitTorrent client
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include transmission-gtk.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.cache/transmission
+noblacklist ${HOME}/.config/transmission
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+
+mkdir ${HOME}/.cache/transmission
+mkdir ${HOME}/.config/transmission
+whitelist ${DOWNLOADS}
+whitelist ${HOME}/.cache/transmission
+whitelist ${HOME}/.config/transmission
+include whitelist-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+machine-id
+netfilter
+nodbus
+nodvd
+nonewprivs
+noroot
+nosound
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-dev
+private-lib
+private-tmp
+
+memory-deny-write-execute
diff --git a/etc/transmission-create.profile b/etc/transmission-create.profile
index 92a4770e2..7c09878bc 100644
--- a/etc/transmission-create.profile
+++ b/etc/transmission-create.profile
@@ -8,5 +8,7 @@ include transmission-create.local
 # added by included profile
 #include globals.local
+private-bin transmission-create
+
 # Redirect
-include transmission-cli.profile
+include transmission-common.profile
diff --git a/etc/transmission-daemon.profile b/etc/transmission-daemon.profile
index 9a6052ada..1c092ad17 100644
--- a/etc/transmission-daemon.profile
+++ b/etc/transmission-daemon.profile
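Review bot: In the new etc/transmission-common.profile, `include transmission-gtk.local` looks like a leftover from the GTK profile it was copied from. Every profile that redirects here will load the GTK front-end's local overrides, so a relaxation a user added for the GUI also applies to transmission-daemon and the command-line tools, and transmission-gtk.profile already includes that file itself. The shared profile should name its own override file, `include transmission-common.local`.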
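Review bot: For etc/transmission-create.profile the new redirect changes filesystem visibility, which the commit message does not mention: the old target, transmission-cli.profile, had no whitelist, while transmission-common.profile whitelists `${DOWNLOADS}` and the two transmission directories (plus whatever whitelist-common.inc adds). Input files elsewhere under the home directory will no longer be visible to transmission-create, and the same holds for the transmission-edit and transmission-show hunks. The tighter default is fine, but I would document it above the include, for example `# Only ${DOWNLOADS} is visible under ${HOME}; whitelist other paths in transmission-create.local`.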
@@ -5,40 +5,19 @@ quiet
 # Persistent local customizations
 include transmission-daemon.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
-noblacklist ${HOME}/.cache/transmission
-noblacklist ${HOME}/.config/transmission
+whitelist /var/lib/transmission
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
+caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot
-apparmor
-caps.drop all
-machine-id
-netfilter
-nodbus
-nodvd
-nogroups
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol inet,inet6
-seccomp
-shell none
-tracelog
-
-# private-bin transmission-daemon
-private-dev
+#private-bin transmission-daemon
 private-etc alternatives,ca-certificates,crypto-policies,nsswitch.conf,pki,resolv.conf,ssl
-private-lib
-private-tmp
-memory-deny-write-execute
+read-write /var/lib/transmission
+writable-var-log
+writable-run-user
+
+# Redirect
+include transmission-common.profile
diff --git a/etc/transmission-edit.profile b/etc/transmission-edit.profile
index 6d8a98911..487ea8e51 100644
--- a/etc/transmission-edit.profile
+++ b/etc/transmission-edit.profile
@@ -8,5 +8,7 @@ include transmission-edit.local
 # added by included profile
 #include globals.local
+private-bin transmission-edit
+
 # Redirect
-include transmission-cli.profile
+include transmission-common.profile
diff --git a/etc/transmission-gtk.profile b/etc/transmission-gtk.profile
index 29df63573..a45d672ac 100644
--- a/etc/transmission-gtk.profile
+++ b/etc/transmission-gtk.profile
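Review bot: In etc/transmission-daemon.profile, `caps.keep ipc_lock,net_bind_service,setgid,setuid,sys_chroot` is added while the included transmission-common.profile still applies `caps.drop all` and `noroot`, and nothing in this profile ignores either. If firejail lets `caps.drop all` win when both are present, which is my understanding, the keep list never takes effect; either add `ignore caps.drop all` (and `ignore noroot` if the daemon is started as root) above the include, or drop the `caps.keep` line. The hunk also removes `nogroups` and the common profile does not set it, so the daemon loses that restriction; re-add `nogroups` here if that was not intended.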
@@ -1,50 +1,16 @@
 # Firejail profile for transmission-gtk
 # Description: Fast, easy and free BitTorrent client (GTK GUI)
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include transmission-gtk.local
 # Persistent global definitions
-include globals.local
-
-noblacklist ${HOME}/.cache/transmission
-noblacklist ${HOME}/.config/transmission
-
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-
-mkdir ${HOME}/.cache/transmission
-mkdir ${HOME}/.config/transmission
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/transmission
-whitelist ${HOME}/.config/transmission
-include whitelist-common.inc
-include whitelist-var-common.inc
-
-apparmor
-caps.drop all
-machine-id
-netfilter
-nodbus
-nodvd
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix,inet,inet6
-seccomp
-shell none
-tracelog
+# added by included profile
+#include globals.local
 private-bin transmission-gtk
-private-dev
-private-lib
-private-tmp
-# Causes freeze during opening file dialog in Archlinux, see issue #1855
-# memory-deny-write-execute
+ignore memory-deny-write-execute
+
+# Redirect
+include transmission-common.profile
diff --git a/etc/transmission-qt.profile b/etc/transmission-qt.profile
index 9fda5245f..f207a7e90 100644
--- a/etc/transmission-qt.profile
+++ b/etc/transmission-qt.profile
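Review bot: In etc/transmission-gtk.profile the reason for disabling `memory-deny-write-execute` is lost: the removed lines carried `# Causes freeze during opening file dialog in Archlinux, see issue #1855`, and the new `ignore memory-deny-write-execute` has no comment. Keep that comment directly above the `ignore` line so the relaxation can be re-tested and removed later. transmission-qt.profile has the same gap (its old note was `problems on Qt 5.10.0, KDE Frameworks 5.41.0`), and transmission-remote-gtk.profile adds the same `ignore` with no reason given.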
@@ -1,49 +1,19 @@
 # Firejail profile for transmission-qt
 # Description: Fast, easy and free BitTorrent client (Qt GUI)
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include transmission-qt.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
-noblacklist ${HOME}/.cache/transmission
-noblacklist ${HOME}/.config/transmission
-
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-
-mkdir ${HOME}/.cache/transmission
-mkdir ${HOME}/.config/transmission
-whitelist ${DOWNLOADS}
-whitelist ${HOME}/.cache/transmission
-whitelist ${HOME}/.config/transmission
-include whitelist-common.inc
-include whitelist-var-common.inc
+private-bin transmission-qt
-apparmor
-caps.drop all
-machine-id
-netfilter
-nodbus
-nodvd
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol unix,inet,inet6
-seccomp
-shell none
-tracelog
+# private-lib - breaks on Arch
+ignore private-lib
-private-bin transmission-qt
-private-dev
-# private-lib - problems on Arch
-private-tmp
+ignore memory-deny-write-execute
-# memory-deny-write-execute - problems on Qt 5.10.0, KDE Frameworks 5.41.0
+# Redirect
+include transmission-common.profile
diff --git a/etc/transmission-remote-cli.profile b/etc/transmission-remote-cli.profile
index 2e7a31545..6ae6a957c 100644
--- a/etc/transmission-remote-cli.profile
+++ b/etc/transmission-remote-cli.profile
@@ -12,15 +12,8 @@ include transmission-remote-cli.local
 include allow-python2.inc
 include allow-python3.inc
-mkdir ${HOME}/.cache/transmission
-mkdir ${HOME}/.config/transmission
-whitelist ${HOME}/.cache/transmission
-whitelist ${HOME}/.config/transmission
-include whitelist-common.inc
-include whitelist-var-common.inc
-
-# private-bin python*
+private-bin python*,transmission-remote-cli
 private-etc fonts
 # Redirect
-include transmission-remote.profile
+include transmission-common.profile
diff --git a/etc/transmission-remote-gtk.profile b/etc/transmission-remote-gtk.profile
index 5a57e4887..f0b313aed 100644
--- a/etc/transmission-remote-gtk.profile
+++ b/etc/transmission-remote-gtk.profile
@@ -8,14 +8,16 @@ include transmission-remote-gtk.local
 # added by included profile
 #include globals.local
-mkdir ${HOME}/.cache/transmission
-mkdir ${HOME}/.config/transmission
-whitelist ${HOME}/.cache/transmission
-whitelist ${HOME}/.config/transmission
-include whitelist-common.inc
-include whitelist-var-common.inc
+noblacklist ${HOME}/.config/transmission-remote-gtk
-private-etc fonts
+mkdir ${HOME}/.config/transmission-remote-gtk
+whitelist ${HOME}/.config/transmission-remote-gtk
+
+private-etc fonts,hostname,hosts,resolv.conf
+# Problems with private-lib (see issue #2889)
+ignore private-lib
+
+ignore memory-deny-write-execute
 # Redirect
-include transmission-remote.profile
+include transmission-common.profile
diff --git a/etc/transmission-remote.profile b/etc/transmission-remote.profile
index ddeb9adf9..9ef7119d9 100644
--- a/etc/transmission-remote.profile
+++ b/etc/transmission-remote.profile
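Review bot: In etc/transmission-remote-cli.profile, `private-etc fonts` is now the only private-etc list this profile ends up with: the old redirect target, transmission-remote.profile, contributed `alternatives,hosts,nsswitch.conf`, and transmission-common.profile has no private-etc line. If firejail accumulates private-etc entries across includes, as I believe it does, the sandbox no longer has /etc/hosts or resolver configuration, which a client that connects to a daemon by host name needs. The remote-gtk hunk in this commit extends its list to `fonts,hostname,hosts,resolv.conf`; the same list would fit here.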
@@ -5,39 +5,11 @@ quiet
 # Persistent local customizations
 include transmission-remote.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
-noblacklist ${HOME}/.cache/transmission
-noblacklist ${HOME}/.config/transmission
-
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-
-apparmor
-caps.drop all
-machine-id
-netfilter
-nodbus
-nodvd
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol inet,inet6
-seccomp
-shell none
-tracelog
-
-# private-bin transmission-remote
-private-dev
+private-bin transmission-remote
 private-etc alternatives,hosts,nsswitch.conf
-private-lib
-private-tmp
-memory-deny-write-execute
+# Redirect
+include transmission-common.profile
diff --git a/etc/transmission-show.profile b/etc/transmission-show.profile
index 779606f04..89051f956 100644
--- a/etc/transmission-show.profile
+++ b/etc/transmission-show.profile
@@ -1,41 +1,15 @@
 # Firejail profile for transmission-show
 # Description: CLI utility to show BitTorrent .torrent file metadata
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include transmission-show.local
 # Persistent global definitions
-include globals.local
+# added by included profile
+#include globals.local
-noblacklist ${HOME}/.cache/transmission
-noblacklist ${HOME}/.config/transmission
-
-include disable-common.inc
-include disable-devel.inc
-include disable-exec.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-
-apparmor
-caps.drop all
-machine-id
-netfilter
-nodbus
-nodvd
-nonewprivs
-noroot
-nosound
-notv
-nou2f
-novideo
-protocol inet,inet6
-seccomp
-shell none
-tracelog
-
-private-dev
+private-bin transmission-show
 private-etc alternatives,hosts,nsswitch.conf
-private-lib
-private-tmp
-memory-deny-write-execute
+# Redirect
+include transmission-common.profile
--
cgit v1.2.3-54-g00ecf