profile fixes

author: netblue30 <netblue30@yahoo.com> 2020-10-28 08:16:05 -0400
committer: netblue30 <netblue30@yahoo.com> 2020-10-28 08:16:05 -0400
commit: 305aa40922c22ee87b017681b9a241b72098224f (patch)
tree: 43515112eb4e5454e978baf827726b39b6332ac1 /etc/profile-a-l/clementine.profile
parent: slightly change changelog date to not have duplicate (diff)
download: firejail-305aa40922c22ee87b017681b9a241b72098224f.tar.gz
firejail-305aa40922c22ee87b017681b9a241b72098224f.tar.zst
firejail-305aa40922c22ee87b017681b9a241b72098224f.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile
index 4d92157d0..387b5f0a7 100644
--- a/etc/profile-a-l/clementine.profile
+++ b/etc/profile-a-l/clementine.profile
@@ -12,22 +12,29 @@ noblacklist ${MUSIC}
 include disable-common.inc
 include disable-devel.inc
+include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-xdg.inc
 include whitelist-var-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-runuser-common.inc
+apparmor
 caps.drop all
 nonewprivs
 noroot
 notv
 nou2f
 novideo
-protocol unix,inet,inet6
+protocol unix,inet,inet6,netlink
 # blacklisting of ioprio_set system calls breaks clementine
 seccomp !ioprio_set
 private-dev
 private-tmp
+dbus-system none
+# dbus-user none
author	netblue30 <netblue30@yahoo.com>	2020-10-28 08:16:05 -0400
committer	netblue30 <netblue30@yahoo.com>	2020-10-28 08:16:05 -0400
commit	305aa40922c22ee87b017681b9a241b72098224f (patch)
tree	43515112eb4e5454e978baf827726b39b6332ac1 /etc/profile-a-l/clementine.profile
parent	slightly change changelog date to not have duplicate (diff)
download	firejail-305aa40922c22ee87b017681b9a241b72098224f.tar.gz firejail-305aa40922c22ee87b017681b9a241b72098224f.tar.zst firejail-305aa40922c22ee87b017681b9a241b72098224f.zip

diff --git a/etc/profile-a-l/clementine.profile b/etc/profile-a-l/clementine.profile index 4d92157d0..387b5f0a7 100644 --- a/etc/profile-a-l/clementine.profile +++ b/etc/profile-a-l/clementine.profile
@@ -12,22 +12,29 @@ noblacklist ${MUSIC}
12		12
13	include disable-common.inc	13	include disable-common.inc
14	include disable-devel.inc	14	include disable-devel.inc
		15	include disable-exec.inc
15	include disable-interpreters.inc	16	include disable-interpreters.inc
16	include disable-passwdmgr.inc	17	include disable-passwdmgr.inc
17	include disable-programs.inc	18	include disable-programs.inc
18	include disable-xdg.inc	19	include disable-xdg.inc
19		20
20	include whitelist-var-common.inc	21	include whitelist-var-common.inc
		22	include whitelist-usr-share-common.inc
		23	include whitelist-runuser-common.inc
21		24
		25	apparmor
22	caps.drop all	26	caps.drop all
23	nonewprivs	27	nonewprivs
24	noroot	28	noroot
25	notv	29	notv
26	nou2f	30	nou2f
27	novideo	31	novideo
28	protocol unix,inet,inet6	32	protocol unix,inet,inet6,netlink
29	# blacklisting of ioprio_set system calls breaks clementine	33	# blacklisting of ioprio_set system calls breaks clementine
30	seccomp !ioprio_set	34	seccomp !ioprio_set
31		35
32	private-dev	36	private-dev
33	private-tmp	37	private-tmp
		38
		39	dbus-system none
		40	# dbus-user none