diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2020-05-27 18:23:44 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-05-27 18:23:44 +0000 |
commit | 3d7a75b5e74a22766398e65a23d833e3442163d2 (patch) | |
tree | 65ac8b4e163b6796b278df8a96710b7f38b3fce0 | |
parent | new profile: mocp (#3437) (diff) | |
download | firejail-3d7a75b5e74a22766398e65a23d833e3442163d2.tar.gz firejail-3d7a75b5e74a22766398e65a23d833e3442163d2.tar.zst firejail-3d7a75b5e74a22766398e65a23d833e3442163d2.zip |
harden mpg123.profile (#3438)
* harden mpg123.profile
* drop nodvd from mpg123.profile
-rw-r--r-- | etc/profile-m-z/mpg123.profile | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/etc/profile-m-z/mpg123.profile b/etc/profile-m-z/mpg123.profile index 6e18aa401..b1ab81c1e 100644 --- a/etc/profile-m-z/mpg123.profile +++ b/etc/profile-m-z/mpg123.profile | |||
@@ -1,13 +1,13 @@ | |||
1 | # Firejail profile for mpg123 | 1 | # Firejail profile for mpg123 |
2 | # Description: MPEG audio player/decoder | 2 | # Description: MPEG audio player/decoder |
3 | # This file is overwritten after every install/update | 3 | # This file is overwritten after every install/update |
4 | quiet | ||
4 | # Persistent local customizations | 5 | # Persistent local customizations |
5 | include mpg123.local | 6 | include mpg123.local |
6 | # Persistent global definitions | 7 | # Persistent global definitions |
7 | include globals.local | 8 | include globals.local |
8 | 9 | ||
9 | noblacklist ${MUSIC} | 10 | noblacklist ${MUSIC} |
10 | noblacklist ${VIDEOS} | ||
11 | 11 | ||
12 | include disable-common.inc | 12 | include disable-common.inc |
13 | include disable-devel.inc | 13 | include disable-devel.inc |
@@ -23,19 +23,23 @@ include whitelist-var-common.inc | |||
23 | apparmor | 23 | apparmor |
24 | caps.drop all | 24 | caps.drop all |
25 | netfilter | 25 | netfilter |
26 | no3d | ||
26 | nogroups | 27 | nogroups |
27 | nonewprivs | 28 | nonewprivs |
28 | noroot | 29 | noroot |
30 | notv | ||
29 | nou2f | 31 | nou2f |
32 | novideo | ||
30 | protocol unix,inet,inet6,netlink | 33 | protocol unix,inet,inet6,netlink |
31 | seccomp | 34 | seccomp |
32 | shell none | 35 | shell none |
36 | tracelog | ||
33 | 37 | ||
34 | #private-bin mpg123* | 38 | #private-bin mpg123* |
35 | private-dev | 39 | private-dev |
36 | private-tmp | 40 | private-tmp |
37 | 41 | ||
38 | memory-deny-write-execute | ||
39 | |||
40 | dbus-user none | 42 | dbus-user none |
41 | dbus-system none | 43 | dbus-system none |
44 | |||
45 | memory-deny-write-execute | ||