diff options
author | PizzaDude <pizzadudedotca@gmail.com> | 2017-09-03 14:43:24 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-03 14:43:24 -0400 |
commit | 933635ee0e22f3d85551470098ccfa12db6a612f (patch) | |
tree | 585159943faee9f3c27a6cec6a33e8a8a567575d | |
parent | fix #1522 (diff) | |
download | firejail-933635ee0e22f3d85551470098ccfa12db6a612f.tar.gz firejail-933635ee0e22f3d85551470098ccfa12db6a612f.tar.zst firejail-933635ee0e22f3d85551470098ccfa12db6a612f.zip |
firejail profile for smtube
if you think private-bin needs to be there, feel free to edit the profile, and users would need to add their own players via the smtube.local file
-rw-r--r-- | smtube.profile | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/smtube.profile b/smtube.profile new file mode 100644 index 000000000..f9966793d --- /dev/null +++ b/smtube.profile | |||
@@ -0,0 +1,34 @@ | |||
1 | # Firejail profile for smtube | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include /etc/firejail/smtube.local | ||
5 | # Persistent global definitions | ||
6 | include /etc/firejail/globals.local | ||
7 | |||
8 | noblacklist ${HOME}/.config/smplayer | ||
9 | noblacklist ${HOME}/.config/smtube | ||
10 | noblacklist ${HOME}/.config/mpv | ||
11 | noblacklist ${HOME}/.mplayer | ||
12 | noblacklist ${HOME}/.config/vlc | ||
13 | noblacklist ${HOME}/.local/share/vlc | ||
14 | |||
15 | include /etc/firejail/disable-common.inc | ||
16 | include /etc/firejail/disable-devel.inc | ||
17 | include /etc/firejail/disable-passwdmgr.inc | ||
18 | include /etc/firejail/disable-programs.inc | ||
19 | |||
20 | caps.drop all | ||
21 | netfilter | ||
22 | # nogroups | ||
23 | nonewprivs | ||
24 | noroot | ||
25 | protocol unix,inet,inet6,netlink | ||
26 | seccomp | ||
27 | shell none | ||
28 | |||
29 | #no private-bin because users can add their own players to smtube and that would prevent that | ||
30 | private-dev | ||
31 | private-tmp | ||
32 | |||
33 | noexec ${HOME} | ||
34 | noexec /tmp | ||