New profile: sniffnet (#5920)

glitsj16 · web-flow · commit 142a2130f792 · 2023-07-25T19:39:21.000Z
* disable-programs.inc: add sniffnet support

* Create sniffnet.profile

* firecfg.config: add sniffnet support
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
@@ -624,6 +624,7 @@ blacklist ${HOME}/.config/slimjet
 blacklist ${HOME}/.config/smplayer
 blacklist ${HOME}/.config/smtube
 blacklist ${HOME}/.config/smuxi
+blacklist ${HOME}/.config/sniffnet
 blacklist ${HOME}/.config/snox
 blacklist ${HOME}/.config/sound-juicer
 blacklist ${HOME}/.config/specialmailcollectionsrc
diff --git a/etc/profile-m-z/sniffnet.profile b/etc/profile-m-z/sniffnet.profile
@@ -0,0 +1,49 @@
+# Firejail profile for sniffnet
+# Description: Network traffic monitor
+# This file is overwritten after every install/update
+# Persistent local customizations
+include sniffnet.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/sniffnet
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+#caps.drop all
+caps.keep net_admin,net_raw
+netfilter
+nodvd
+nogroups
+noinput
+# nonewprivs - breaks network traffic capture for unprivileged users
+# noroot
+notv
+nou2f
+novideo
+#seccomp
+tracelog
+
+disable-mnt
+#private-bin sniffnet
+# private-dev prevents (some) interfaces from being shown.
+private-etc @network,@tls-ca
+private-tmp
+
+dbus-user none
+dbus-system none
+
+#restrict-namespaces
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
@@ -774,6 +774,7 @@ slashem
 smplayer
 smtube
 smuxi-frontend-gnome
+sniffnet
 snox
 soffice
 sol
