To configure the Firejail profile in
Medium and
High security modes, the administrator must add the metadata along with the application package. Depending on the application that needs to be installed, you must modify the metadata, create a JSON file, and then bundle the file along with the Debian package of the application. The bundled package can be deployed to Dell Hybrid Client using Wyse Management Suite.
Use this metadata if you do not want to set granular parameters for the application. The following is an example of the metadata json file for the VLC application:
{
"application": "vlc",
"applicationType": "external",
"appVersion": "1.3.00.16851",
"autoUpdate": true,
"osType": "HybridClient",
"osSubType": [
"Ubuntu 20.04 Desktop"
],
"installerParameters": "",
"userPromptTimeOut": "2",
"applicationinstallationTimeOut": "60",
"filecheckSum": "63xxxxxxxxxxxxxxxxxxxxx",
"dependencies": "",
"securityConfigSettings": {
"firejailProfileSettings": {
"version": "0.9.62",
"values": [
{
"executableFullPath": "/usr/bin/vlc",
"executableDesktopFilePath": "/usr/share/applications/vlc.desktop",
"highSecurityGranularSettings": {
"blockCriticalAccess": "Yes",
"enableRestrictedUserEnvironment": "Yes",
"enableRestrictedCommunicationAccess": "Yes",
"enableRestrictedFSAccess": "No"
}
},
{
"executableFullPath": "/usr/bin/vlc_support",
"executableDesktopFilePath": "/usr/share/applications/vlc_support.desktop",
"highSecurityGranularSettings": {
"blockCriticalAccess": "No",
"enableRestrictedUserEnvironment": "Yes",
"enableRestrictedCommunicationAccess": "No",
"enableRestrictedFSAccess": "No"
}
}
]
}
}
}
NOTE:If the application metadata namely
executableFullPath and
executableDesktopFilePath are not available for a given application, you cannot install that application in the
High security profile.
Use this metadata to set granular parameters for the application. The following is an example of the metadata json file with granular settings for the VLC application:
{
"application": "vlc",
"applicationType": "external",
"appVersion": "1.3.00.16851",
"autoUpdate": true,
"osType": "HybridClient",
"osSubType": [
"Ubuntu 20.04 Desktop"
],
"installerParameters": "",
"userPromptTimeOut": "2",
"applicationinstallationTimeOut": "60",
"filecheckSum": "63xxxxxxxxxxxxxxxxxxxxxxxx",
"dependencies": "",
"securityConfigSettings": {
"firejailProfileSettings": {
"Version":"0.9.62",
"values": [
{
"executableFullPath": "/usr/bin/vlc",
"executableDesktopFilePath": "/usr/share/applications/vlc.desktop",
"highSecurityGranularSettings": {
"blockCriticalAccess": {
"blockSensitiveFileAccess":"Yes",
"blockDevelopmentToolsAcces":"No",
"blockExecuteAccess":"No",
"blockInterpreterToolsAccess":"No",
"blockPasswordManagerAccess":"Yes",
"blockConfigFilesAccess":"Yes"
},
"enableRestrictedUserEnvironment": {
"enableNewIPCNamespace":"No",
"disabl3dHwAccl":"No",
"disableDvd":"No",
"disableSupplementryGroups":"No",
"disableSound":"Yes",
"disableTv":"No",
"disableU2f":"No",
"disableVideo":"No",
"disableUserShell":"Yes"
},
"enableRestrictedCommunicationAccess": {
"enableMachineIdSpoofing":"No",
"blockNetworkAccess":"No",
"enableFirewallForNewNW":"Yes",
"disableDbusAccess":"No"
},
"enableRestrictedFSAccess": {
"enableFileAccessAudit":"No",
"disableMount":"No",
"enablePrivateMode":"No",
"enablePrivateCache":"No",
"enablePrivateDev":"Yes",
"enablePrivateLibDirectory":"No",
"enablePrivateTmpFs":"No"
}
}
},
{
"executableFullPath": "/usr/bin/vlc_support",
"executableDesktopFilePath": "/usr/share/applications/vlc_support.desktop",
"highSecurityGranularSettings": {
"blockCriticalAccess": {
"blockSensitiveFileAccess":"Yes",
"blockDevelopmentToolsAcces":"No",
"blockExecuteAccess":"Yes",
"blockInterpreterToolsAccess":"No",
"blockPasswordManagerAccess":"Yes",
"blockConfigFilesAccess":"Yes"
},
"enableRestrictedUserEnvironment": {
"enableNewIPCNamespace":"No",
"disabl3dHwAccl":"No",
"disableDvd":"No",
"disableSupplementryGroups":"No",
"disableSound":"Yes",
"disableTv":"No",
"disableU2f":"No",
"disableVideo":"Yes",
disableUserShell":"Yes"
},
"enableRestrictedCommunicationAccess": {
"enableMachineIdSpoofing":"No",
"blockNetworkAccess":"Yes",
"enableFirewallForNewNW":"Yes",
"disableDbusAccess":"No"
},
"enableRestrictedFSAccess": {
"enableFileAccessAudit":"No",
"disableMount":"No",
"enablePrivateMode":"No",
"enablePrivateCache":"Yes",
"enablePrivateDev":"Yes",
"enablePrivateLibDirectory":"No",
"enablePrivateTmpFs":"No"
}
}
}
]
}
}
}