A simple Firejail profile for MuWire

The MuWire file sharing application
Post Reply
User avatar
lgillis
Posts: 144
Joined: 20 Oct 2018 12:52

A simple Firejail profile for MuWire

Post by lgillis »

A simple Firejail profile for MuWire. The purpose is to limit the access of the program to what is necessary. It is a simple configuration for home use, which can be supplemented as needed.

Code: Select all

# Save as:
# ~/.config/firejail/muwire.profile

# A Firejail profile customized for MuWire based on the profile for
# rtorrent.

# The program call in the terminal looks something like the
# following. First, the path to the executable files is reset in
# order to exclude further paths without a message from
# Firejail, followed by the actual program call.
# Runnable example (one line without wrapping):

# PATH=/usr/local/bin:/usr/bin:/bin firejail --profile=$HOME/.config/firejail/muwire.profile --debug /opt/MuWire-0.8.10/bin/MuWire &

# General settings:
include globals.local
include disable-common.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc

caps.drop all
machine-id
netfilter
nodvd
noinput
nonewprivs
noroot
nosound
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp
shell none
disable-mnt

private-cache
private-dev
private-tmp

include whitelist-common.inc

### Basic Blacklisting ###
# Directories that are taboo:
blacklist /media/
blacklist /mnt/
# blacklist /whatever/

### Home Directory Whitelisting ###
# Either share the entire Java Fonts directory or just the one
# that matches the current version number:
whitelist ${HOME}/.java/fonts/17
# The configuration directory must be accessible to MuWire:
whitelist ${HOME}/.config/MuWire
# The path to the distribution directories. It must match your
# MuWire configuration:
whitelist ${HOME}/MuWire/

### Filesystem Whitelisting ###
whitelist /usr/share/java
include whitelist-usr-share-common.inc
Spring https://www.youtube.com/playlist?list=PLF-q-IGQQb1uK7fYuaQiRpcORDSmfsY2n
zlatinb

Re: A simple Firejail profile for MuWire

Post by zlatinb »

Thank you for the contribution lg. Just to clarify, this is for the .zip distribution of MuWire. The .AppImage distribution would need a separate profile.

I'll add this profile to the wiki over at GitHub when I get a chance.
Post Reply