authorJoey Hess2016-06-19 13:14:42 -0400
committerJoey Hess2016-06-19 13:14:42 -0400
commitc017788490caddd222c3a977ad32ec00a61a266e (patch)
tree8d2e5e83159353950023161b4c79ac4792f6d856
parentf33b0948218e7b3d510f6bf37785cda107a630d8 (diff)
parent0e09a8cfdffb2cd99cf86c04bade4a9261101a2c (diff)
Merge remote-tracking branch 'spwhitton/firejail'
-rw-r--r--src/Propellor/Property.hs12
-rw-r--r--src/Propellor/Property/Firejail.hs31
2 files changed, 42 insertions, 1 deletions
diff --git a/src/Propellor/Property.hs b/src/Propellor/Property.hs
index af36ed58..fe314941 100644
--- a/src/Propellor/Property.hs
+++ b/src/Propellor/Property.hs
@@ -16,6 +16,7 @@ module Propellor.Property (
, check
, fallback
, revert
+ , applyToList
-- * Property descriptions
, describe
, (==>)
@@ -53,7 +54,8 @@ import System.Posix.Files
import qualified Data.Hash.MD5 as MD5
import Data.List
import Control.Applicative
-import Prelude
+import Data.Foldable (Foldable, foldr1)
+import Prelude hiding (Foldable)
import Propellor.Types
import Propellor.Types.Core
@@ -341,6 +343,14 @@ unsupportedOS' = go =<< getOS
revert :: RevertableProperty setup undo -> RevertableProperty undo setup
revert (RevertableProperty p1 p2) = RevertableProperty p2 p1
+-- | Apply a property to each element of a list.
+applyToList
+ :: (Foldable t, Functor t, IsProp p, Combines p p, p ~ CombinedType p p)
+ => (b -> p)
+ -> t b
+ -> p
+prop `applyToList` xs = Data.Foldable.foldr1 before $ prop <$> xs
+
makeChange :: IO () -> Propellor Result
makeChange a = liftIO a >> return MadeChange
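Review bot: `applyToList` folds with `Data.Foldable.foldr1`, which is partial, so an empty container makes the property throw when it is evaluated instead of yielding a property that does nothing; `jailed []` in Firejail.hs reaches this. No neutral `p` is available under these constraints, so the Haddock should at least state the precondition, for example `-- | Apply a property to each element of a non-empty list; an empty list is a runtime error.` Callers that may be handed an empty list should guard before calling it.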
diff --git a/src/Propellor/Property/Firejail.hs b/src/Propellor/Property/Firejail.hs
new file mode 100644
index 00000000..b7841e07
--- /dev/null
+++ b/src/Propellor/Property/Firejail.hs
@@ -0,0 +1,31 @@
+-- | Maintainer: Sean Whitton <spwhitton@spwhitton.name>
+
+module Propellor.Property.Firejail (
+ installed,
+ jailed,
+) where
+
+import Propellor.Base
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+
+-- | Ensures that Firejail is installed
+installed :: Property DebianLike
+installed = Apt.installed ["firejail"]
+
+-- | For each program name passed, create symlinks in /usr/local/bin that
+-- will launch that program in a Firejail sandbox.
+--
+-- The profile for the sandbox will be the same as if the user had run
+-- @firejail@ directly without passing @--profile@ (see "SECURITY PROFILES" in
+-- firejail(1)).
+--
+-- See "DESKTOP INTEGRATION" in firejail(1).
+jailed :: [String] -> Property DebianLike
+jailed ps = (jailed' `applyToList` ps)
+ `requires` installed
+ `describe` unwords ("firejail jailed":ps)
+
+jailed' :: String -> Property UnixLike
+jailed' p = ("/usr/local/bin" </> p)
+ `File.isSymlinkedTo` File.LinkTarget "/usr/bin/firejail"
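Review bot: The Haddock on `jailed` should say that the sandbox applies only when the program is resolved through `/usr/local/bin`. An invocation by absolute path, or under a PATH that lists the real binary's directory first, runs the program outside Firejail, so the property name promises more than the symlink delivers. I would add `-- Only invocations that resolve the name via /usr/local/bin are sandboxed; calling the real binary by its absolute path bypasses Firejail.` Separately, `jailed'` joins `p` unchecked and `</>` returns its second argument when that is absolute, so a name with a leading `/` would create the link outside `/usr/local/bin`; rejecting names that contain `/` before building the path would close that.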