authorJoey Hess2016-06-19 13:14:42 -0400
committerJoey Hess2016-06-19 13:14:42 -0400
commitc017788490caddd222c3a977ad32ec00a61a266e (patch)
tree8d2e5e83159353950023161b4c79ac4792f6d856 /src/Propellor/Property
parentf33b0948218e7b3d510f6bf37785cda107a630d8 (diff)
parent0e09a8cfdffb2cd99cf86c04bade4a9261101a2c (diff)
Merge remote-tracking branch 'spwhitton/firejail'
Diffstat (limited to 'src/Propellor/Property')
-rw-r--r--src/Propellor/Property/Firejail.hs31
1 files changed, 31 insertions, 0 deletions
diff --git a/src/Propellor/Property/Firejail.hs b/src/Propellor/Property/Firejail.hs
new file mode 100644
index 00000000..b7841e07
--- /dev/null
+++ b/src/Propellor/Property/Firejail.hs
@@ -0,0 +1,31 @@
+-- | Maintainer: Sean Whitton <spwhitton@spwhitton.name>
+
+module Propellor.Property.Firejail (
+ installed,
+ jailed,
+) where
+
+import Propellor.Base
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+
+-- | Ensures that Firejail is installed
+installed :: Property DebianLike
+installed = Apt.installed ["firejail"]
+
+-- | For each program name passed, create symlinks in /usr/local/bin that
+-- will launch that program in a Firejail sandbox.
+--
+-- The profile for the sandbox will be the same as if the user had run
+-- @firejail@ directly without passing @--profile@ (see "SECURITY PROFILES" in
+-- firejail(1)).
+--
+-- See "DESKTOP INTEGRATION" in firejail(1).
+jailed :: [String] -> Property DebianLike
+jailed ps = (jailed' `applyToList` ps)
+ `requires` installed
+ `describe` unwords ("firejail jailed":ps)
+
+jailed' :: String -> Property UnixLike
+jailed' p = ("/usr/local/bin" </> p)
+ `File.isSymlinkedTo` File.LinkTarget "/usr/bin/firejail"
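Review bot: In `jailed'`, the expression `"/usr/local/bin" </> p` joins the program name without checking it, so a name that contains a path separator or is absolute would put the symlink outside /usr/local/bin (with System.FilePath's `</>`, an absolute right-hand side replaces the left). Firejail's symlink integration selects the program from the link's own name, so each entry should be a bare command name. I would make the property fail with a clear message when `any isPathSeparator p` holds, assuming `isPathSeparator` is in scope through Propellor.Base as `</>` is. The Haddock on `jailed` should also state the coverage limit, for example `-- The sandbox only applies when the program is started by name and /usr/local/bin precedes /usr/bin in PATH; running /usr/bin/<program> directly is not sandboxed.`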