diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2024-03-05 17:20:34 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-03-05 17:20:34 +0000 |
commit | a456e5182cd6495b8e8d6ae0f49b557c9240f848 (patch) | |
tree | 40c9a28b20e867b71534a17c640e6e148c495757 | |
parent | disable-programs.inc: blacklist /tmp/lwjgl_* (diff) | |
download | firejail-a456e5182cd6495b8e8d6ae0f49b557c9240f848.tar.gz firejail-a456e5182cd6495b8e8d6ae0f49b557c9240f848.tar.zst firejail-a456e5182cd6495b8e8d6ae0f49b557c9240f848.zip |
New profile: green-recoder.profile (#6237)
Simple screen recorder for Linux desktop, supports Wayland & Xorg.
https://github.com/dvershinin/green-recorder
https://aur.archlinux.org/packages/green-recorder
https://aur.archlinux.org/packages/green-recorder-git
-rw-r--r-- | etc/inc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/profile-a-l/green-recoder.profile | 72 | ||||
-rw-r--r-- | src/firecfg/firecfg.config | 1 |
3 files changed, 74 insertions, 0 deletions
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index 914964b63..26f11470f 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc | |||
@@ -482,6 +482,7 @@ blacklist ${HOME}/.config/google-chrome-beta | |||
482 | blacklist ${HOME}/.config/google-chrome-unstable | 482 | blacklist ${HOME}/.config/google-chrome-unstable |
483 | blacklist ${HOME}/.config/gpicview | 483 | blacklist ${HOME}/.config/gpicview |
484 | blacklist ${HOME}/.config/gramps | 484 | blacklist ${HOME}/.config/gramps |
485 | blacklist ${HOME}/.config/green-recorder | ||
485 | blacklist ${HOME}/.config/gthumb | 486 | blacklist ${HOME}/.config/gthumb |
486 | blacklist ${HOME}/.config/gummi | 487 | blacklist ${HOME}/.config/gummi |
487 | blacklist ${HOME}/.config/guvcview2 | 488 | blacklist ${HOME}/.config/guvcview2 |
diff --git a/etc/profile-a-l/green-recoder.profile b/etc/profile-a-l/green-recoder.profile new file mode 100644 index 000000000..77c980daa --- /dev/null +++ b/etc/profile-a-l/green-recoder.profile | |||
@@ -0,0 +1,72 @@ | |||
1 | # Firejail profile for green-recorder | ||
2 | # Description: A simple screen recorder for Linux desktop (supports Wayland & Xorg) | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include green-recorder.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | blacklist /usr/libexec | ||
10 | |||
11 | noblacklist ${HOME}/.config/green-recorder | ||
12 | |||
13 | # Allow python 3 (blacklisted by disable-interpreters.inc) | ||
14 | include allow-python3.inc | ||
15 | |||
16 | # Allow /bin/sh (blacklisted by disable-shell.inc) | ||
17 | include allow-bin-sh.inc | ||
18 | |||
19 | noblacklist ${VIDEOS} | ||
20 | |||
21 | include disable-common.inc | ||
22 | include disable-devel.inc | ||
23 | include disable-exec.inc | ||
24 | include disable-interpreters.inc | ||
25 | include disable-programs.inc | ||
26 | include disable-shell.inc | ||
27 | include disable-xdg.inc | ||
28 | |||
29 | mkdir ${HOME}/.config/green-recorder | ||
30 | whitelist ${HOME}/.config/green-recorder | ||
31 | whitelist ${DOWNLOADS} | ||
32 | whitelist ${VIDEOS} | ||
33 | whitelist /usr/share/ffmpeg | ||
34 | whitelist /usr/share/green-recorder | ||
35 | include whitelist-common.inc | ||
36 | include whitelist-run-common.inc | ||
37 | include whitelist-runuser-common.inc | ||
38 | include whitelist-usr-share-common.inc | ||
39 | include whitelist-var-common.inc | ||
40 | |||
41 | apparmor | ||
42 | caps.drop all | ||
43 | net none | ||
44 | nodvd | ||
45 | nogroups | ||
46 | noinput | ||
47 | nonewprivs | ||
48 | noprinters | ||
49 | noroot | ||
50 | notv | ||
51 | nou2f | ||
52 | novideo | ||
53 | protocol unix | ||
54 | # allow set_mempolicy, which is required to encode using libx265 | ||
55 | seccomp !set_mempolicy | ||
56 | seccomp.block-secondary | ||
57 | tracelog | ||
58 | |||
59 | disable-mnt | ||
60 | private-bin awk,bash,convert,ffmpeg,green-recorder,grep,mv,pactl,ps,python*,sh,sleep,xdg-open,xdpyinfo,xwininfo | ||
61 | private-cache | ||
62 | private-dev | ||
63 | private-etc @x11 | ||
64 | private-tmp | ||
65 | |||
66 | dbus-user filter | ||
67 | dbus-user.talk org.freedesktop.Notifications | ||
68 | dbus-user.talk org.gnome.Shell.* | ||
69 | ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher | ||
70 | dbus-system none | ||
71 | |||
72 | restrict-namespaces | ||
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index e3a2f5200..5cf5947ed 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config | |||
@@ -391,6 +391,7 @@ gpredict | |||
391 | gradio | 391 | gradio |
392 | gramps | 392 | gramps |
393 | gravity-beams-and-evaporating-stars | 393 | gravity-beams-and-evaporating-stars |
394 | green-recorder | ||
394 | gthumb | 395 | gthumb |
395 | gtk-lbry-viewer | 396 | gtk-lbry-viewer |
396 | gtk-pipe-viewer | 397 | gtk-pipe-viewer |