bsdtar profile, #1642

README.md

@@ -236,7 +236,7 @@ imagej, karbon, kdenlive, krita, linphone, lmms, macrofusion, mpd, natron, Natro
 ricochet, shotcut, teamspeak3, tor, tor-browser-en, Viber, x-terminal-emulator, zart,
 conky, arch-audit, ffmpeg, bluefish, cliqz, cinelerra, openshot-qt, pinta, uefitool,
 aosp, pdfmod, gnome-ring, signal-desktop, xcalc, zaproxy, kopete, kget, nheko, Enpass,
-kwin_x11, krunner, ping
+kwin_x11, krunner, ping, bsdtar
 
 Upstreamed many profiles from the following sources: https://github.com/chiraag-nataraj/firejail-profiles,
 https://github.com/nyancat18/fe, and https://aur.archlinux.org/packages/firejail-profiles.

RELNOTES

@@ -41,7 +41,7 @@ firejail (0.9.51) baseline; urgency=low
       Viber, x-terminal-emulator, zart, conky, arch-audit, ffmpeg, bluefish,
       cinelerra, openshot-qt, pinta, uefitool, aosp, pdfmod, gnome-ring,
       xcalc, zaproxy, kopete, cliqz, signal-desktop, kget, nheko, Enpass,
-      kwin_x11, krunner, ping
+      kwin_x11, krunner, ping, bsdtar
 
  -- netblue30 <netblue30@yahoo.com>  Thu, 9 Nov 2017 08:00:00 -0500
 

etc/bsdtar.profile

@@ -0,0 +1,41 @@
+# Firejail profile for bsdtar
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include /etc/firejail/bsdtar.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+include /etc/firejail/disable-common.inc
+# include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+blacklist /tmp/.X11-unix
+
+hostname bsdtar
+caps.drop all
+ipc-namespace
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+# noroot
+nosound
+notv
+novideo
+nonewprivs
+protocol unix
+seccomp
+shell none
+
+tracelog
+
+# support compressed archives
+private-bin sh,bash,dash,bsdtar,gtar,compress,gzip,lzma,xz,bzip2,lbzip2,lzip,lzop,lz4,libarchive
+private-dev
+private-etc passwd,group,localtime
+
+
+