added whois and dig profiles

2026-05-21 06:45:29 -06:00 · 2018-08-30 07:29:05 -04:00 · 2018-08-30 07:29:05 -04:00 · ef4409e7b7
commit ef4409e7b7
parent bbac3af66e
8 changed files with 131 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -167,4 +167,4 @@ We also keep a list of profile fixes for previous released versions in [etc-fixe
 ## New profiles
 Microsoft Office Online, riot-desktop, gnome-mpv, snox, gradio, standardnotes-desktop,
 shellcheck, patch, flameshot, rview, rvim, vimcat, vimdiff, vimpager, vimtutor,
-xxd, Beaker, electrum, clamtk, pybitmessage
+xxd, Beaker, electrum, clamtk, pybitmessage, dig, whois
--- a/2
+++ b/2
@ -19,7 +19,7 @@ firejail (0.9.56~rc1) baseline; urgency=low
  * new profiles: ms-skype, ms-word, riot-desktop, gnome-mpv, snox, gradio,
  * new profiles: standardnotes-desktop, shellcheck, patch, flameshot,
  * new profiles: rview, rvim, vimcat, vimdiff, vimpager, vimtutor, xxd,
-  * new profiles: Beaker, electrum, clamtk, pybitmessage
+  * new profiles: Beaker, electrum, clamtk, pybitmessage, dig, whois
 -- netblue30 <netblue30@yahoo.com>  Sat, 11 Aug 2018 08:00:00 -0500

 firejail (0.9.54) baseline; urgency=low
--- a/etc/dig.profile
+++ b/etc/dig.profile
@ -0,0 +1,47 @@
+quiet
+# Firejail profile for dig
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/dig.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+include /etc/firejail/disable-common.inc
+# include /etc/firejail/disable-devel.inc
+# include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+#include /etc/firejail/disable-xdg.inc
+
+whitelist ~/.digrc
+include /etc/firejail/whitelist-common.inc
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+# ipc-namespace
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private
+private-bin sh,bash,dig
+private-cache
+private-dev
+# private-etc resolv.conf
+private-lib
+private-tmp
+
+memory-deny-write-execute
+# noexec ${HOME}
+# noexec /tmp
--- a/etc/whois.profile
+++ b/etc/whois.profile
@ -0,0 +1,45 @@
+quiet
+# Firejail profile for whois
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/whois.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+include /etc/firejail/disable-common.inc
+# include /etc/firejail/disable-devel.inc
+# include /etc/firejail/disable-interpreters.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+#include /etc/firejail/disable-xdg.inc
+
+include /etc/firejail/whitelist-var-common.inc
+
+caps.drop all
+# ipc-namespace
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+nosound
+notv
+novideo
+protocol inet,inet6
+seccomp
+shell none
+
+disable-mnt
+private
+private-bin sh,bash,whois
+private-cache
+private-dev
+# private-etc hosts,services,whois.conf
+private-lib
+private-tmp
+
+memory-deny-write-execute
+# noexec ${HOME}
+# noexec /tmp
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@ -94,6 +94,7 @@ deadbeef
 deluge
 dex2jar
 dia
+dig
 digikam
 dillo
 dino
@ -442,6 +443,7 @@ weechat
 weechat-curses
 wesnoth
 wget
+whois
 wine
 wire-desktop
 wireshark
--- a/test/private-lib/dig.exp
+++ b/test/private-lib/dig.exp
@ -0,0 +1,17 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail dig 1.1.1.1\r"
+expect {
+	timeout {puts "TESTING ERROR 0\n";exit}
+	"Query time"
+}
+
+after 100
+puts "\nall done\n"
--- a/test/private-lib/private-lib.sh
+++ b/test/private-lib/private-lib.sh
@ -5,7 +5,7 @@

 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
-LIST="evince galculator gnome-calculator gedit leafpad mousepad pluma transmission-gtk xcalc atril gpicview eom eog"
+LIST="dig whois evince galculator gnome-calculator gedit leafpad mousepad pluma transmission-gtk xcalc atril gpicview eom eog"


 for app in $LIST; do
--- a/test/private-lib/whois.exp
+++ b/test/private-lib/whois.exp
@ -0,0 +1,17 @@
+#!/usr/bin/expect -f
+# This file is part of Firejail project
+# Copyright (C) 2014-2018 Firejail Authors
+# License GPL v2
+
+set timeout 10
+spawn $env(SHELL)
+match_max 100000
+
+send -- "firejail whois debian.org\r"
+expect {
+	timeout {puts "TESTING ERROR 0\n";exit}
+	"Domain Name"
+}
+
+after 100
+puts "\nall done\n"