automatically include firejail profiles

This commit is contained in:
Pig Monkey 2016-04-02 10:28:48 -07:00
parent 96a523aa54
commit 5187c982aa
11 changed files with 61 additions and 6 deletions


@ -72,12 +72,11 @@ during any of the provisioning.
Many applications are sandboxed with [Firejail][10]. This behavior should be
largely invisible to the user.
Where appropriate, custom security profiles have been provided for certain
applications. These are automatically installed to `/usr/local/etc/firejail`.
Note that Firejail does not look in this directory by default. To use these
security profiles, they must either be specified on the command-line or
included in an appropriately named profile located in `~/.config/firejail/`.
This latter option is the preferred method.
Custom security profiles are provided for certain applications. These are
installed to `/usr/local/etc/firejail`. Firejail does not look in this
directory by default. To use the security profiles, they must either be
specified on the command-line or included in an appropriately named profile
located in `~/.config/firejail`.
# Example 1:
# Launch Firefox using the custom profile by specifying the full path of the profile.
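Review bot: the rewritten paragraph drops the old closing sentence that named the `~/.config/firejail` include as the preferred method, so the reader is now left with two options and no recommendation; since this commit adds a script that automates exactly that route, say so here, e.g. "Including the system profile from a profile in `~/.config/firejail` is the preferred method and is done for you by `profile-activate`." Minor: the old text wrote the directory as `~/.config/firejail/` with a trailing slash; either form is fine, but keep it consistent with the examples that follow.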
@ -91,6 +90,12 @@ This latter option is the preferred method.
$ echo 'include /usr/local/etc/firejail/firefox.profile' > ~/.config/firejail/firefox.profile
$ firejail /usr/bin/firefox
The script `profile-activate` is provided to automatically include the profiles
when appropriate. For every profile located in `/usr/local/etc/firejail`, the
script looks for a profile with the same name in `~/.config/firejail`. If one
is not found, it will create a profile that simply includes the system profile,
as in the third example above. It will not modify any existing user profiles.
## MAC Spoofing
By default, the MAC address of all network interfaces is spoofed at boot,
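Review bot: the new paragraph should state how and when `profile-activate` is invoked: in this commit it is run by the `activate firejail profiles` handler during provisioning, as the configured user, and it can be run by hand at any time after new profiles are dropped into `/usr/local/etc/firejail`. It would also help to spell out the consequence of "it will not modify any existing user profiles": a user who already has a customised `~/.config/firejail/<app>.profile` gets no seed file and has to add the `include` line themselves, and a seeded file that includes the system profile will take precedence over any `/etc/firejail/<app>.profile` for that application.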


@ -17,6 +17,8 @@
- name: Push Firefox firejail profile
copy: src=firejail/firefox.profile dest=/usr/local/etc/firejail/firefox.profile
notify:
- activate firejail profiles
tags:
- firefox
- firejail
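Review bot: this task carries the `firejail` tag and notifies `activate firejail profiles`, but the task in the firejail role that installs `/usr/local/bin/profile-activate` has no tags, so a run limited to `--tags firefox` or `--tags firejail` on a fresh host skips the script install and then fires a handler whose command does not exist yet. Give the script-install task the `firejail` tag (or `always`), or make the handler check for the file before calling it.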
@ -36,6 +38,8 @@
- name: Push Chromium firejail profile
copy: src=firejail/chromium.profile dest=/usr/local/etc/firejail/chromium.profile
notify:
- activate firejail profiles
tags:
- chromium
- firejail


@ -11,5 +11,7 @@
- name: Push calibre firejail profile
copy: src=firejail/calibre.profile dest=/usr/local/etc/firejail/calibre.profile
notify:
- activate firejail profiles
tags:
- firejail


@ -0,0 +1,20 @@
#!/bin/bash
PROFILEDIR=~/.config/firejail
SYSDIR=/usr/local/etc/firejail
# If the profile directory does not exist, create it.
if [ ! -d "$PROFILEDIR" ]; then
mkdir -p "$PROFILEDIR"
fi
# For every system profile, create a user profile if one does not already
# exist.
for path in "$SYSDIR"/*.profile; do
file=`basename $path`
destination=$PROFILEDIR/$file
if [ ! -e $destination ]; then
echo "creating $destination"
echo "include $SYSDIR/$file" > $destination
fi
done
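Review bot: the `for path in "$SYSDIR"/*.profile` loop has no guard for an empty match: if `/usr/local/etc/firejail` contains no `.profile` files, bash passes the literal pattern through, `[ ! -e $destination ]` succeeds, and the script writes a bogus `~/.config/firejail/*.profile` containing `include /usr/local/etc/firejail/*.profile`. Add `shopt -s nullglob` before the loop, or `[ -e "$path" ] || continue` as its first statement. The expansions in `` file=`basename $path` ``, `[ ! -e $destination ]` and the `> $destination` redirection are unquoted, so a profile name containing whitespace splits into several words; quote them and use `file=$(basename "$path")`. A `set -eu` near the top would also stop the script if `mkdir -p` fails instead of going on to write into a directory that was never created.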


@ -0,0 +1,5 @@
---
- name: activate firejail profiles
command: /usr/local/bin/profile-activate
become: yes
become_user: "{{ user.name }}"
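Review bot: the handler runs the script as `{{ user.name }}` only, so it seeds `~/.config/firejail` for that single account; any other user on the host (and root) still has to run `profile-activate` by hand, which the README paragraph in this commit does not mention. Also, `command:` always reports `changed`; that is acceptable for a handler that fires only when a profile file changes, but since the script itself prints "creating ..." only when it writes something, `changed_when` keyed on that output (or `changed_when: false`) would keep the play summary honest.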


@ -4,6 +4,9 @@
tags:
- aur
- name: Install firejail profile update script
copy: src=profile-activate.sh dest=/usr/local/bin/profile-activate mode=0755
- name: Install firewarden.sh script
copy: src=firewarden/firewarden dest=/usr/local/bin/firewarden mode=0755
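Review bot: the task that installs `profile-activate` has no `notify`, so on a host where the profile files are already in place and unchanged nothing ever runs the new script and the user profiles are never seeded; the profile-push tasks only notify when their `copy` reports a change. Add `notify: - activate firejail profiles` to this task so that the first install (and any later update) of the script triggers a run.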
@ -17,5 +20,7 @@
- name: Push generic firejail profile
copy: src=generic.profile dest=/usr/local/etc/firejail/generic.profile
notify:
- activate firejail profiles
tags:
- firejail


@ -11,6 +11,8 @@
- name: Push mpd firejail profile
copy: src=firejail/mpd.profile dest=/usr/local/etc/firejail/mpd.profile
notify:
- activate firejail profiles
tags:
- firejail
@ -41,5 +43,7 @@
- name: Push ncmpcpp firejail profile
copy: src=firejail/ncmpcpp.profile dest=/usr/local/etc/firejail/ncmpcpp.profile
notify:
- activate firejail profiles
tags:
- firejail


@ -11,5 +11,7 @@
- name: Push mpv firejail profile
copy: src=firejail/mpv.profile dest=/usr/local/etc/firejail/mpv.profile
notify:
- activate firejail profiles
tags:
- firejail


@ -11,6 +11,8 @@
- name: Push LibreOffice firejail profile
copy: src=firejail/libreoffice.profile dest=/usr/local/etc/firejail/libreoffice.profile
notify:
- activate firejail profiles
tags:
- firejail
@ -27,6 +29,8 @@
- name: Push Zathura firejail profile
copy: src=firejail/zathura.profile dest=/usr/local/etc/firejail/zathura.profile
notify:
- activate firejail profiles
tags:
- firejail


@ -11,5 +11,7 @@
- name: Push pianobar firejail profile
copy: src=firejail/pianobar.profile dest=/usr/local/etc/firejail/pianobar.profile
notify:
- activate firejail profiles
tags:
- firejail


@ -11,5 +11,7 @@
- name: Push rtorrent firejail profile
copy: src=firejail/rtorrent.profile dest=/usr/local/etc/firejail/rtorrent.profile
notify:
- activate firejail profiles
tags:
- firejail