diff options
author | Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2017-09-03 15:49:30 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-09-03 15:49:30 -0500 |
commit | f6496b20588510689c6a07e66c18f9b1d660c26a (patch) | |
tree | fc137b05b54f9e0a22a5576d3ba71f5119a3c0a8 | |
parent | Merge pull request #1523 from pizzadude/patch-4 (diff) | |
parent | Update smtube.profile (diff) | |
download | firejail-f6496b20588510689c6a07e66c18f9b1d660c26a.tar.gz firejail-f6496b20588510689c6a07e66c18f9b1d660c26a.tar.zst firejail-f6496b20588510689c6a07e66c18f9b1d660c26a.zip |
Merge pull request #1524 from pizzadude/patch-5
firejail profile for smtube
-rw-r--r-- | smtube.profile | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/smtube.profile b/smtube.profile new file mode 100644 index 000000000..2694dd5b0 --- /dev/null +++ b/smtube.profile | |||
@@ -0,0 +1,37 @@ | |||
1 | # Firejail profile for smtube | ||
2 | # This file is overwritten after every install/update | ||
3 | # Persistent local customizations | ||
4 | include /etc/firejail/smtube.local | ||
5 | # Persistent global definitions | ||
6 | include /etc/firejail/globals.local | ||
7 | |||
8 | noblacklist ${HOME}/.config/smplayer | ||
9 | noblacklist ${HOME}/.config/smtube | ||
10 | noblacklist ${HOME}/.config/mpv | ||
11 | noblacklist ${HOME}/.mplayer | ||
12 | noblacklist ${HOME}/.config/vlc | ||
13 | noblacklist ${HOME}/.local/share/vlc | ||
14 | |||
15 | include /etc/firejail/disable-common.inc | ||
16 | include /etc/firejail/disable-devel.inc | ||
17 | include /etc/firejail/disable-passwdmgr.inc | ||
18 | include /etc/firejail/disable-programs.inc | ||
19 | |||
20 | caps.drop all | ||
21 | netfilter | ||
22 | nodvd | ||
23 | notv | ||
24 | novideo | ||
25 | nogroups | ||
26 | nonewprivs | ||
27 | noroot | ||
28 | protocol unix,inet,inet6,netlink | ||
29 | seccomp | ||
30 | shell none | ||
31 | |||
32 | #no private-bin because users can add their own players to smtube and that would prevent that | ||
33 | private-dev | ||
34 | private-tmp | ||
35 | |||
36 | noexec ${HOME} | ||
37 | noexec /tmp | ||