Diffstat (limited to 'src/Propellor/Property/Firejail.hs')
-rw-r--r--src/Propellor/Property/Firejail.hs29
1 files changed, 29 insertions, 0 deletions
diff --git a/src/Propellor/Property/Firejail.hs b/src/Propellor/Property/Firejail.hs
new file mode 100644
index 00000000..98f7ab78
--- /dev/null
+++ b/src/Propellor/Property/Firejail.hs
@@ -0,0 +1,29 @@
+-- | Maintainer: Sean Whitton <spwhitton@spwhitton.name>
+
+module Propellor.Property.Firejail (
+ installed,
+ jailed,
+) where
+
+import Propellor.Base
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+
+-- | Ensures that Firejail is installed
+installed :: Property DebianLike
+installed = Apt.installed ["firejail"]
+
+-- | For each program name passed, create symlinks in @/usr/local/bin@ that
+-- will launch that program in a Firejail sandbox.
+--
+-- The profile for the sandbox will be the same as if the user had run
+-- @firejail@ directly without passing @--profile@ (see "SECURITY PROFILES" in
+-- firejail(1)).
+--
+-- See "DESKTOP INTEGRATION" in firejail(1).
+jailed :: [String] -> Property DebianLike
+jailed ps = (jailed' `applyToList` ps) `requires` installed
+
+jailed' :: String -> Property UnixLike
+jailed' p = ("/usr/local/bin" </> p)
+ `File.isSymlinkedTo` File.LinkTarget "/usr/bin/firejail"
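Review bot: `jailed'` joins the caller-supplied name onto `/usr/local/bin` with `</>` without checking it, and `</>` returns its right operand unchanged when that operand is absolute, so an absolute path or a name containing `/` would put the firejail symlink outside `/usr/local/bin`. Rejecting any `p` where `takeFileName p /= p` (assuming `takeFileName` is in scope alongside `</>`) would keep the property confined to the directory its haddock promises. The haddock on `jailed` should also state the limit of the mechanism, for example `-- Only invocations resolved via a PATH that lists @/usr/local/bin@ before the real binary are sandboxed; running the binary by its absolute path is not.` `jailed'` itself has no haddock, and one line saying it manages a single symlink for one program name would help.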