path: root/src/Propellor/Property/Firejail.hs
-- | Maintainer: Sean Whitton <spwhitton@spwhitton.name>

module Propellor.Property.Firejail (
	installed,
	jailed,
) where

import Propellor.Base
import qualified Propellor.Property.Apt as Apt
import qualified Propellor.Property.File as File

-- | Ensures that the @firejail@ package is installed, by handing its name
-- to 'Apt.installed'.
installed :: Property DebianLike
installed = Apt.installed firejailPackages
  where
	firejailPackages = ["firejail"]

-- | For each program name passed, create a symlink of that name in
-- /usr/local/bin pointing at @\/usr\/bin\/firejail@, so that launching the
-- program by name starts it in a Firejail sandbox.
--
-- The profile for the sandbox will be the same as if the user had run
-- @firejail@ directly without passing @--profile@ (see "SECURITY PROFILES" in
-- firejail(1)).
--
-- See "DESKTOP INTEGRATION" in firejail(1). As described there, the symlink
-- only takes effect when its directory comes first in @PATH@; anything that
-- runs the program by its absolute path is not sandboxed by this property.
--
-- The names are used unchecked as file names under /usr/local/bin, so pass
-- bare program names (no directory components).
jailed :: [String] -> Property DebianLike
jailed ps = symlinks
	`requires` installed
	`describe` summary
  where
	-- One symlink property per program, combined into a single property.
	symlinks = mconcat (jailed' <$> ps)
	summary = unwords ("firejail jailed" : ps)

-- | Symlinks @\/usr\/local\/bin\/p@ to @\/usr\/bin\/firejail@ for a single
-- program name @p@.
--
-- NOTE(review): @p@ is joined onto the directory without validation. If
-- '</>' here is System.FilePath's, an absolute @p@ replaces the directory
-- and a @p@ containing @..@ escapes it -- confirm callers only pass bare
-- program names.
jailed' :: String -> RevertableProperty UnixLike UnixLike
jailed' p = wrapper `File.isSymlinkedTo` File.LinkTarget firejailBin
  where
	wrapper = "/usr/local/bin" </> p
	firejailBin = "/usr/bin/firejail"