From eaa4bf7b3f1636e4b9010b7131e680dd556cad95 Mon Sep 17 00:00:00 2001
From: Sean Whitton
Date: Thu, 16 Jun 2016 21:17:47 +0900
Subject: add Propellor.Property.Firejail
---
src/Propellor/Property/Firejail.hs | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 src/Propellor/Property/Firejail.hs
(limited to 'src')
diff --git a/src/Propellor/Property/Firejail.hs b/src/Propellor/Property/Firejail.hs
new file mode 100644
index 00000000..98f7ab78
--- /dev/null
+++ b/src/Propellor/Property/Firejail.hs
@@ -0,0 +1,29 @@
+-- | Maintainer: Sean Whitton
+
+module Propellor.Property.Firejail (
+ installed,
+ jailed,
+) where
+
+import Propellor.Base
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+
+-- | Ensures that Firejail is installed
+installed :: Property DebianLike
+installed = Apt.installed ["firejail"]
+
+-- | For each program name passed, create symlinks in @/usr/local/bin@ that
+-- will launch that program in a Firejail sandbox.
+--
+-- The profile for the sandbox will be the same as if the user had run
+-- @firejail@ directly without passing @--profile@ (see "SECURITY PROFILES" in
+-- firejail(1)).
+--
+-- See "DESKTOP INTEGRATION" in firejail(1).
+jailed :: [String] -> Property DebianLike
+jailed ps = (jailed' `applyToList` ps) `requires` installed
+
+jailed' :: String -> Property UnixLike
+jailed' p = ("/usr/local/bin" p)
+ `File.isSymlinkedTo` File.LinkTarget "/usr/bin/firejail"
-- 
cgit v1.3-2-g0d8e
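Review bot: The doc comment on `jailed` does not say that the sandbox only takes effect when the program is started by name through `PATH`, with `/usr/local/bin` searched before `/usr/bin`; anything that runs `/usr/bin/<program>` by absolute path (a desktop entry, a service unit, a script) still starts it unsandboxed, so the property can read as a stronger guarantee than it gives. I would add a line such as `-- Only invocations resolved via PATH, with /usr/local/bin ahead of /usr/bin, are sandboxed; absolute-path invocations are not.` Separately, `jailed'` uses `p` as a path component without checking that it is a bare program name, so a value containing `/` or `..` would put the link outside `/usr/local/bin`; rejecting such names before the path is built would keep the property within its documented scope. As displayed, `("/usr/local/bin" p)` has no path operator between its operands, which looks like text lost in rendering rather than in the commit, so it is worth confirming against the repository.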