archaudit-report and cower for Arch platforms, #1642
netblue30 committed Nov 15, 2017
1 parent d0ae074 commit 6c10737
Showing 4 changed files with 91 additions and 2 deletions.
2 changes: 1 addition & 1 deletion README.md
@@ -236,7 +236,7 @@ imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natro
ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart,
conky, arch-audit, ffmpeg, bluefish, cliqz, cinelerra, openshot-qt, pinta, uefitool,
aosp, pdfmod, gnome-ring, signal-desktop, xcalc, zaproxy, kopete, kget, nheko, Enpass,
kwin_x11, krunner, ping, bsdtar, makepkg (Arch),
kwin_x11, krunner, ping, bsdtar, makepkg (Arch), archaudit-report, cower (Arch)

Upstreamed many profiles from the following sources: https://github.com/chiraag-nataraj/firejail-profiles,
https://github.com/nyancat18/fe, and https://aur.archlinux.org/packages/firejail-profiles.
3 changes: 2 additions & 1 deletion RELNOTES
@@ -41,7 +41,8 @@ firejail (0.9.51) baseline; urgency=low
Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish,
cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring,
xcalc, zaproxy, kopete, cliqz, signal-desktop, kget, nheko, Enpass,
kwin_x11, krunner, ping, bsdtar, makepkg (Arch)
kwin_x11, krunner, ping, bsdtar, makepkg (Arch), archaudit-report
cower (Arch)

-- netblue30 <netblue30@yahoo.com> Thu, 9 Nov 2017 08:00:00 -0500

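--- a/etc/archaudit-report.profile
+++ b/etc/archaudit-report.profile
@@ -0,0 +1,41 @@
+# Firejail profile for archaudit-report
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/archaudit-report.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+
+noblacklist /var/lib/pacman
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/whitelist-common.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private
+private-bin archaudit-report,arch-audit,bash,cat,comm,cut,date,fold,grep,pacman,pactree,rm,sed,sort,whoneeds
+#private-dev
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp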
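Review bot: `#private-dev` near the end of the new profile is left commented out with no reason given, while etc/cower.profile in the same commit enables `private-dev`, so a maintainer cannot tell whether it breaks the tool or was simply not tested. Either enable it or record the reason on the line above, e.g. `# private-dev disabled: <what fails with it enabled>`. Separately, `private` already gives the sandbox an empty temporary home, so `include /etc/firejail/whitelist-common.inc` looks redundant here; it is worth confirming which of the two is intended and dropping the other.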
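--- a/etc/cower.profile
+++ b/etc/cower.profile
@@ -0,0 +1,47 @@
+# Firejail profile for cower
+# This file is overwritten after every install/update
+
+# This profile could be significantly strengthened by adding the following to cower.local
+# whitelist ~/<Your Build Folder>
+# whitelist ~/.config/cower/
+
+quiet
+
+# Persistent local customizations
+include /etc/firejail/cower.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ~/.config/cower/config
+read-only ~/.config/cower/config
+
+noblacklist /var/lib/pacman
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private-bin cower
+private-dev
+private-tmp
+
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp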
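Review bot: The profile has neither `private` nor any `whitelist` line, so apart from what the disable-*.inc files blacklist, the whole home directory stays reachable by a tool that is allowed `inet`/`inet6`; the header comment hints at this but never states it. I would make the default explicit, e.g. `# Without a whitelist in cower.local, all of ${HOME} not blacklisted below remains accessible`, so users see why the cower.local lines matter. `read-only ~/.config/cower/config` presumably only takes effect when that file already exists at sandbox start, which deserves a short comment once confirmed. The two config lines use `~` while the `noexec` line uses `${HOME}`; one form throughout would read better.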
