| -rw-r--r-- | src/Propellor/Property.hs | 12 | ||||
| -rw-r--r-- | src/Propellor/Property/Firejail.hs | 31 |
2 files changed, 42 insertions, 1 deletions
diff --git a/src/Propellor/Property.hs b/src/Propellor/Property.hs
index af36ed58..fe314941 100644
--- a/src/Propellor/Property.hs
+++ b/src/Propellor/Property.hs
@@ -16,6 +16,7 @@ module Propellor.Property (
 , check
 , fallback
 , revert
+ , applyToList
 -- * Property descriptions
 , describe
 , (==>)
@@ -53,7 +54,8 @@ import System.Posix.Files
 import qualified Data.Hash.MD5 as MD5
 import Data.List
 import Control.Applicative
-import Prelude
+import Data.Foldable (Foldable, foldr1)
+import Prelude hiding (Foldable)
 
 import Propellor.Types
 import Propellor.Types.Core
@@ -341,6 +343,14 @@ unsupportedOS' = go =<< getOS
 revert :: RevertableProperty setup undo -> RevertableProperty undo setup
 revert (RevertableProperty p1 p2) = RevertableProperty p2 p1
 
+-- | Apply a property to each element of a list.
+applyToList
+ :: (Foldable t, Functor t, IsProp p, Combines p p, p ~ CombinedType p p)
+ => (b -> p)
+ -> t b
+ -> p
+prop `applyToList` xs = Data.Foldable.foldr1 before $ prop <$> xs
+
 makeChange :: IO () -> Propellor Result
 makeChange a = liftIO a >> return MadeChange
 
diff --git a/src/Propellor/Property/Firejail.hs b/src/Propellor/Property/Firejail.hs
new file mode 100644
index 00000000..b7841e07
--- /dev/null
+++ b/src/Propellor/Property/Firejail.hs
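Review bot: `applyToList` in the third Property.hs hunk folds with `Data.Foldable.foldr1`, which is partial: an empty container makes it call `error` at run time instead of yielding a property, and the Haddock line does not say so. The new `jailed` in Firejail.hs hands a caller-supplied list straight to it, so `jailed []` would fail this way. Either state the precondition in the comment, e.g. `-- | Apply a property to each element of a non-empty container, combining them with 'before'; an empty container is an error.`, or take a non-empty type if the supported compilers allow it.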
@@ -0,0 +1,31 @@
+-- | Maintainer: Sean Whitton <spwhitton@spwhitton.name>
+
+module Propellor.Property.Firejail (
+ installed,
+ jailed,
+) where
+
+import Propellor.Base
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+
+-- | Ensures that Firejail is installed
+installed :: Property DebianLike
+installed = Apt.installed ["firejail"]
+
+-- | For each program name passed, create symlinks in /usr/local/bin that
+-- will launch that program in a Firejail sandbox.
+--
+-- The profile for the sandbox will be the same as if the user had run
+-- @firejail@ directly without passing @--profile@ (see "SECURITY PROFILES" in
+-- firejail(1)).
+--
+-- See "DESKTOP INTEGRATION" in firejail(1).
+jailed :: [String] -> Property DebianLike
+jailed ps = (jailed' `applyToList` ps)
+ `requires` installed
+ `describe` unwords ("firejail jailed":ps)
+
+jailed' :: String -> Property UnixLike
+jailed' p = ("/usr/local/bin" </> p)
+ `File.isSymlinkedTo` File.LinkTarget "/usr/bin/firejail" |
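Review bot: `jailed'` joins the caller-supplied name onto `/usr/local/bin` with `</>` without checking that it is a bare program name. If `</>` is the System.FilePath operator (it arrives through Propellor.Base, which is not shown here), a name containing `/` puts the link in another directory and an absolute name discards the `/usr/local/bin` prefix altogether. The Haddock on `jailed` should also state the limit of the symlink method: the sandbox is only entered when the program is resolved through PATH with /usr/local/bin ahead of its real directory, so anything that invokes it by absolute path runs unsandboxed. Suggested addition to the comment: `-- Names must be bare program names (no @/@). Only invocations resolved via PATH, with /usr/local/bin ahead of the program's real directory, are sandboxed.`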
