diff options
author | startx2017 <vradu.startx@yandex.com> | 2017-06-16 08:37:52 -0400 |
---|---|---|
committer | startx2017 <vradu.startx@yandex.com> | 2017-06-16 08:37:52 -0400 |
commit | 5d485d66fc444677917ed11f46b50067dabe9245 (patch) | |
tree | 76bcbd0b70a655f6c9c48aa778397430c62156b0 | |
parent | curl profile (diff) | |
download | firejail-5d485d66fc444677917ed11f46b50067dabe9245.tar.gz firejail-5d485d66fc444677917ed11f46b50067dabe9245.tar.zst firejail-5d485d66fc444677917ed11f46b50067dabe9245.zip |
mplayer and smplayer profiles
-rw-r--r-- | README | 4 | ||||
-rw-r--r-- | etc/disable-programs.inc | 2 | ||||
-rw-r--r-- | etc/mplayer.profile | 31 | ||||
-rw-r--r-- | etc/smplayer.profile | 32 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 2 |
5 files changed, 70 insertions, 1 deletions
@@ -401,9 +401,11 @@ startx2017 (https://github.com/startx2017) | |||
401 | - firecfg fix: create ~/.local/share/applications directory if it doesn't exist | 401 | - firecfg fix: create ~/.local/share/applications directory if it doesn't exist |
402 | - firejail.config cleanup | 402 | - firejail.config cleanup |
403 | - --quiet fixes | 403 | - --quiet fixes |
404 | - 0.9.38-LTS branch maintainer | 404 | - bugfixes branches maintainer |
405 | - firemon --top speed-up | 405 | - firemon --top speed-up |
406 | - Blender and 2048-qt profiles | 406 | - Blender and 2048-qt profiles |
407 | - handbrake profile | ||
408 | - mplayer and smplayer profiles | ||
407 | thewisenerd (https://github.com/thewisenerd) | 409 | thewisenerd (https://github.com/thewisenerd) |
408 | - allow multiple private-home commands | 410 | - allow multiple private-home commands |
409 | - use $SHELL variable if the shell is not specified | 411 | - use $SHELL variable if the shell is not specified |
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 4d77218de..3b2c150fc 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc | |||
@@ -140,6 +140,7 @@ blacklist ${HOME}/.config/redshift.conf | |||
140 | blacklist ${HOME}/.config/scribus | 140 | blacklist ${HOME}/.config/scribus |
141 | blacklist ${HOME}/.config/skypeforlinux | 141 | blacklist ${HOME}/.config/skypeforlinux |
142 | blacklist ${HOME}/.config/slimjet | 142 | blacklist ${HOME}/.config/slimjet |
143 | blacklist ${HOME}/.config/smplayer | ||
143 | blacklist ${HOME}/.config/spotify | 144 | blacklist ${HOME}/.config/spotify |
144 | blacklist ${HOME}/.config/stellarium | 145 | blacklist ${HOME}/.config/stellarium |
145 | blacklist ${HOME}/.config/synfig | 146 | blacklist ${HOME}/.config/synfig |
@@ -306,6 +307,7 @@ blacklist ${HOME}/.mcabberrc | |||
306 | blacklist ${HOME}/.mediathek3 | 307 | blacklist ${HOME}/.mediathek3 |
307 | blacklist ${HOME}/.mozilla | 308 | blacklist ${HOME}/.mozilla |
308 | blacklist ${HOME}/.mpdconf | 309 | blacklist ${HOME}/.mpdconf |
310 | blacklist ${HOME}/.mplayer | ||
309 | blacklist ${HOME}/.msmtprc | 311 | blacklist ${HOME}/.msmtprc |
310 | blacklist ${HOME}/.multimc5 | 312 | blacklist ${HOME}/.multimc5 |
311 | blacklist ${HOME}/.mutt | 313 | blacklist ${HOME}/.mutt |
diff --git a/etc/mplayer.profile b/etc/mplayer.profile new file mode 100644 index 000000000..879223e1a --- /dev/null +++ b/etc/mplayer.profile | |||
@@ -0,0 +1,31 @@ | |||
1 | # Persistent global definitions go here | ||
2 | include /etc/firejail/globals.local | ||
3 | |||
4 | # This file is overwritten during software install. | ||
5 | # Persistent customizations should go in a .local file. | ||
6 | include /etc/firejail/mplayer.local | ||
7 | |||
8 | # mplayer profile | ||
9 | noblacklist ${HOME}/.mplayer | ||
10 | |||
11 | include /etc/firejail/disable-common.inc | ||
12 | include /etc/firejail/disable-programs.inc | ||
13 | include /etc/firejail/disable-devel.inc | ||
14 | include /etc/firejail/disable-passwdmgr.inc | ||
15 | |||
16 | caps.drop all | ||
17 | #ipc-namespace | ||
18 | netfilter | ||
19 | # nogroups | ||
20 | nonewprivs | ||
21 | noroot | ||
22 | protocol unix,inet,inet6,netlink | ||
23 | seccomp | ||
24 | shell none | ||
25 | |||
26 | private-dev | ||
27 | private-tmp | ||
28 | private-bin mplayer | ||
29 | |||
30 | noexec ${HOME} | ||
31 | noexec /tmp | ||
diff --git a/etc/smplayer.profile b/etc/smplayer.profile new file mode 100644 index 000000000..6a5c115b7 --- /dev/null +++ b/etc/smplayer.profile | |||
@@ -0,0 +1,32 @@ | |||
1 | # Persistent global definitions go here | ||
2 | include /etc/firejail/globals.local | ||
3 | |||
4 | # This file is overwritten during software install. | ||
5 | # Persistent customizations should go in a .local file. | ||
6 | include /etc/firejail/smplayer.local | ||
7 | |||
8 | # smplayer profile | ||
9 | noblacklist ${HOME}/.config/smplayer | ||
10 | noblacklist ${HOME}/.mplayer | ||
11 | |||
12 | include /etc/firejail/disable-common.inc | ||
13 | include /etc/firejail/disable-programs.inc | ||
14 | include /etc/firejail/disable-devel.inc | ||
15 | include /etc/firejail/disable-passwdmgr.inc | ||
16 | |||
17 | caps.drop all | ||
18 | #ipc-namespace | ||
19 | netfilter | ||
20 | # nogroups | ||
21 | nonewprivs | ||
22 | noroot | ||
23 | protocol unix,inet,inet6,netlink | ||
24 | seccomp | ||
25 | shell none | ||
26 | |||
27 | private-dev | ||
28 | private-tmp | ||
29 | private-bin smplayer,mplayer | ||
30 | |||
31 | noexec ${HOME} | ||
32 | noexec /tmp | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 444b304ab..7bac70887 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -153,6 +153,7 @@ mediathekview | |||
153 | meld | 153 | meld |
154 | midori | 154 | midori |
155 | mousepad | 155 | mousepad |
156 | mplayer | ||
156 | mpv | 157 | mpv |
157 | multimc5 | 158 | multimc5 |
158 | mumble | 159 | mumble |
@@ -199,6 +200,7 @@ skanlite | |||
199 | skype | 200 | skype |
200 | skypeforlinux | 201 | skypeforlinux |
201 | slack | 202 | slack |
203 | smplayer | ||
202 | soffice | 204 | soffice |
203 | spectacle | 205 | spectacle |
204 | spotify | 206 | spotify |