diff options
author | Dpeta <Jasprose@protonmail.com> | 2022-12-24 23:21:43 +0100 |
---|---|---|
committer | Dpeta <jasprose@protonmail.com> | 2022-12-25 15:30:47 +0100 |
commit | 3af6c406834d5f18d1422ce95ebd02646862ce74 (patch) | |
tree | 25f81c5627394d2a80ab56520eb570a1a263a514 /etc/profile-a-l | |
parent | testing (diff) | |
download | firejail-3af6c406834d5f18d1422ce95ebd02646862ce74.tar.gz firejail-3af6c406834d5f18d1422ce95ebd02646862ce74.tar.zst firejail-3af6c406834d5f18d1422ce95ebd02646862ce74.zip |
Add Chatterino profile
Diffstat (limited to 'etc/profile-a-l')
-rw-r--r-- | etc/profile-a-l/chatterino.profile | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/etc/profile-a-l/chatterino.profile b/etc/profile-a-l/chatterino.profile new file mode 100644 index 000000000..bbb536827 --- /dev/null +++ b/etc/profile-a-l/chatterino.profile | |||
@@ -0,0 +1,116 @@ | |||
1 | # Firejail profile for Chatterino | ||
2 | # Description: Chat client for https://twitch.tv | ||
3 | # This file is overwritten after every install/update | ||
4 | # Persistent local customizations | ||
5 | include chatterino.local | ||
6 | # Persistent global definitions | ||
7 | include globals.local | ||
8 | |||
9 | # Also allow access to mpv/vlc, they're usable via streamlink. | ||
10 | noblacklist ${HOME}/.cache/vlc | ||
11 | noblacklist ${HOME}/.config/aacs | ||
12 | noblacklist ${HOME}/.config/mpv | ||
13 | noblacklist ${HOME}/.config/pulse | ||
14 | noblacklist ${HOME}/.config/vlc | ||
15 | noblacklist ${HOME}/.local/share/chatterino | ||
16 | noblacklist ${HOME}/.local/share/vlc | ||
17 | # To upload images, whitelist/noblacklist their path in chatterino.local. | ||
18 | #noblacklist ${HOME}/Pictures/ | ||
19 | # For custom notification sounds, whitelist/noblacklist their path in chatterino.local. | ||
20 | #noblacklist ${HOME}/Music/ | ||
21 | |||
22 | # Allow Python for Streamlink integration (blacklisted by disable-interpreters.inc) | ||
23 | include allow-python3.inc | ||
24 | |||
25 | # Allow Lua for mpv (blacklisted by disable-interpreters.inc) | ||
26 | include allow-lua.inc | ||
27 | |||
28 | # disable-*.inc includes | ||
29 | include disable-common.inc | ||
30 | include disable-devel.inc | ||
31 | include disable-exec.inc | ||
32 | include disable-interpreters.inc | ||
33 | include disable-proc.inc | ||
34 | include disable-programs.inc | ||
35 | include disable-xdg.inc | ||
36 | |||
37 | # Also allow access to mpv/vlc, they're usable via streamlink. | ||
38 | mkdir ${HOME}/.cache/vlc | ||
39 | mkdir ${HOME}/.config/aacs | ||
40 | mkdir ${HOME}/.config/mpv | ||
41 | mkdir ${HOME}/.config/pulse | ||
42 | mkdir ${HOME}/.config/vlc | ||
43 | mkdir ${HOME}/.local/share/chatterino | ||
44 | mkdir ${HOME}/.local/share/vlc | ||
45 | whitelist ${HOME}/.cache/vlc | ||
46 | whitelist ${HOME}/.config/aacs | ||
47 | whitelist ${HOME}/.config/mpv | ||
48 | whitelist ${HOME}/.config/pulse | ||
49 | whitelist ${HOME}/.config/vlc | ||
50 | whitelist ${HOME}/.local/share/chatterino | ||
51 | whitelist ${HOME}/.local/share/vlc | ||
52 | # To upload images, whitelist/noblacklist their path in chatterino.local. | ||
53 | #whitelist ${HOME}/Pictures/ | ||
54 | # For custom notification sounds, whitelist/noblacklist their path in chatterino.local. | ||
55 | #whitelist ${HOME}/Music/ | ||
56 | # whitelist-*.inc includes | ||
57 | include whitelist-common.inc | ||
58 | include whitelist-run-common.inc | ||
59 | include whitelist-runuser-common.inc | ||
60 | include whitelist-usr-share-common.inc | ||
61 | include whitelist-var-common.inc | ||
62 | |||
63 | # Streamlink+VLC doesn't seem to close properly with apparmor enabled. | ||
64 | #apparmor | ||
65 | caps.drop all | ||
66 | netfilter | ||
67 | nodvd | ||
68 | nogroups | ||
69 | nonewprivs | ||
70 | noprinters | ||
71 | noroot | ||
72 | notv | ||
73 | nou2f | ||
74 | # Netlink is required for streamlink integration. | ||
75 | protocol unix,inet,inet6,netlink | ||
76 | # Seccomp may break browser integration. | ||
77 | seccomp | ||
78 | seccomp.block-secondary | ||
79 | tracelog | ||
80 | |||
81 | disable-mnt | ||
82 | # Add more private-bin lines for browsers or video players to chatterino.local if wanted. | ||
83 | private-bin chatterino,pgrep | ||
84 | private-bin ffmpeg,python*,streamlink | ||
85 | private-bin cvlc,nvlc,qvlc,rvlc,svlc,vlc | ||
86 | private-bin env,mpv,python*,waf,youtube-dl,yt-dlp | ||
87 | # private-cache may cause issues with mpv (see #2838) | ||
88 | private-cache | ||
89 | private-dev | ||
90 | private-etc alsa,alternatives,asound.conf,ca-certificates,dbus-1,fonts,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nvidia,passwd,pulse,resolv.conf,rpc,services,ssl,Trolltech.conf,X11 | ||
91 | private-opt none | ||
92 | private-srv none | ||
93 | private-tmp | ||
94 | |||
95 | dbus-user filter | ||
96 | dbus-user.own com.chatterino.* | ||
97 | # Session Bus Policy from flatpak | ||
98 | dbus-user.talk com.canonical.AppMenu.Registrar | ||
99 | dbus-user.talk org.kde.kconfig.notify | ||
100 | dbus-user.talk org.kde.KGlobalSettings | ||
101 | dbus-user.talk org.freedesktop.Flatpak | ||
102 | # Allow notifications. | ||
103 | dbus-user.talk org.freedesktop.Notifications | ||
104 | # For media player integration. | ||
105 | dbus-user.talk org.freedesktop.ScreenSaver | ||
106 | ?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher | ||
107 | dbus-user.talk org.mpris.MediaPlayer2.Player | ||
108 | dbus-system none | ||
109 | |||
110 | # Prevents browsers/players from lingering after Chatterino is closed. | ||
111 | #deterministic-shutdown | ||
112 | # Add to chatterino.local to force Qt to use its wayland QPA plugin. | ||
113 | #env QT_QPA_PLATFORM=wayland | ||
114 | # memory-deny-write-execute may break streamlink and browser integration. | ||
115 | #memory-deny-write-execute | ||
116 | restrict-namespaces | ||