author | Fred Barclay <Fred-Barclay@users.noreply.github.com> | 2020-08-15 17:27:10 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-15 17:27:10 -0500 |
commit | 5d741795c3bb2060730e282a8f512b999418e098 (patch) | |
tree | 8ff4e8937c10e995b54869ff82effbc73b888fca /etc/profile-a-l | |
parent | Merge pull request #3559 from smitsohu/smitsohu-bandwidth (diff) | |
Use whitelisting for video players (#3472)
* Use whitelisting for video players
See https://github.com/netblue30/firejail/pull/3469
* Update media player whitelists
See reviews at https://github.com/netblue30/firejail/pull/3472
Block $DOCUMENTS
Make $DESKTOP read-only
* Review fixes: include read-only Desktop in whitelist
Diffstat (limited to 'etc/profile-a-l')
-rw-r--r-- | etc/profile-a-l/celluloid.profile | 16 |
1 files changed, 13 insertions, 3 deletions
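--- a/etc/profile-a-l/celluloid.profile
+++ b/etc/profile-a-l/celluloid.profile
@@ -9,8 +9,6 @@ include globals.local
 noblacklist ${HOME}/.config/celluloid
 noblacklist ${HOME}/.config/gnome-mpv
 noblacklist ${HOME}/.config/youtube-dl
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,8 +20,20 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-include disable-xdg.inc
 
+read-only ${DESKTOP}
+mkdir ${HOME}/.config/celluloid
+mkdir ${HOME}/.config/gnome-mpv
+mkdir ${HOME}/.config/youtube-dl
+whitelist ${HOME}/.config/celluloid
+whitelist ${HOME}/.config/gnome-mpv
+whitelist ${HOME}/.config/youtube-dl
+whitelist ${DESKTOP}
+whitelist ${DOWNLOADS}
+whitelist ${MUSIC}
+whitelist ${PICTURES}
+whitelist ${VIDEOS}
+include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc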
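Review bot: The new `whitelist` lines for `${DOWNLOADS}`, `${MUSIC}`, `${PICTURES}` and `${VIDEOS}` in the second hunk leave those directories writable inside the sandbox, while only `${DESKTOP}` gets `read-only`, and the profile does not say why they differ. A player that parses untrusted media and also has Python and youtube-dl allowed could then modify or delete the user's media library if it misbehaves. If Celluloid only needs to write downloads (and perhaps screenshots, which I cannot confirm from this hunk), consider adding `read-only ${MUSIC}` and `read-only ${VIDEOS}` next to the Desktop line. Otherwise add a comment above the block such as `# Media dirs stay writable for youtube-dl downloads and screenshots; ${DOCUMENTS} is intentionally not whitelisted`. The profile begins and ends outside the visible hunks, so an existing override or comment elsewhere in the file may already cover this.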