spotify: D-Bus hardening (#5923)

author: glitsj16 <glitsj16@users.noreply.github.com> 2023-07-25 19:42:22 +0000
committer: GitHub <noreply@github.com> 2023-07-25 19:42:22 +0000
commit: 1c233b53600852aaa66304c153bf94bfc33c3e63 (patch)
tree: 65db83da0b0ae2e66c7ebf80a6b96219886131e3 /etc/profile-m-z
parent: audacious: D-Bus hardening (#5922) (diff)
download: firejail-1c233b53600852aaa66304c153bf94bfc33c3e63.tar.gz
firejail-1c233b53600852aaa66304c153bf94bfc33c3e63.tar.zst
firejail-1c233b53600852aaa66304c153bf94bfc33c3e63.zip
1 files changed, 8 insertions, 3 deletions
diff --git a/etc/profile-m-z/spotify.profile b/etc/profile-m-z/spotify.profile
index f07b10319..c893a92fb 100644
--- a/etc/profile-m-z/spotify.profile
+++ b/etc/profile-m-z/spotify.profile
@@ -16,6 +16,7 @@ include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
 include disable-interpreters.inc
+include disable-proc.inc
 include disable-programs.inc
 mkdir ${HOME}/.cache/spotify
@@ -34,6 +35,7 @@ nodvd
 nogroups
 noinput
 nonewprivs
+noprinters
 noroot
 notv
 nou2f
@@ -50,8 +52,11 @@ private-opt spotify
 private-srv none
 private-tmp
-# dbus needed for MPRIS
+dbus-user filter
-# dbus-user none
+dbus-user.own org.mpris.MediaPlayer2.spotify
-# dbus-system none
+dbus-user.talk org.freedesktop.Notifications
+dbus-user.talk org.freedesktop.secrets
+dbus-user.talk org.mpris.MediaPlayer2.Player
+dbus-system none
 restrict-namespaces
author	glitsj16 <glitsj16@users.noreply.github.com>	2023-07-25 19:42:22 +0000
committer	GitHub <noreply@github.com>	2023-07-25 19:42:22 +0000
commit	1c233b53600852aaa66304c153bf94bfc33c3e63 (patch)
tree	65db83da0b0ae2e66c7ebf80a6b96219886131e3 /etc/profile-m-z
parent	audacious: D-Bus hardening (#5922) (diff)
download	firejail-1c233b53600852aaa66304c153bf94bfc33c3e63.tar.gz firejail-1c233b53600852aaa66304c153bf94bfc33c3e63.tar.zst firejail-1c233b53600852aaa66304c153bf94bfc33c3e63.zip

diff --git a/etc/profile-m-z/spotify.profile b/etc/profile-m-z/spotify.profile index f07b10319..c893a92fb 100644 --- a/etc/profile-m-z/spotify.profile +++ b/etc/profile-m-z/spotify.profile
@@ -16,6 +16,7 @@ include disable-common.inc
16	include disable-devel.inc	16	include disable-devel.inc
17	include disable-exec.inc	17	include disable-exec.inc
18	include disable-interpreters.inc	18	include disable-interpreters.inc
		19	include disable-proc.inc
19	include disable-programs.inc	20	include disable-programs.inc
20		21
21	mkdir ${HOME}/.cache/spotify	22	mkdir ${HOME}/.cache/spotify
@@ -34,6 +35,7 @@ nodvd
34	nogroups	35	nogroups
35	noinput	36	noinput
36	nonewprivs	37	nonewprivs
		38	noprinters
37	noroot	39	noroot
38	notv	40	notv
39	nou2f	41	nou2f
@@ -50,8 +52,11 @@ private-opt spotify
50	private-srv none	52	private-srv none
51	private-tmp	53	private-tmp
52		54
53	# dbus needed for MPRIS	55	dbus-user filter
54	# dbus-user none	56	dbus-user.own org.mpris.MediaPlayer2.spotify
55	# dbus-system none	57	dbus-user.talk org.freedesktop.Notifications
		58	dbus-user.talk org.freedesktop.secrets
		59	dbus-user.talk org.mpris.MediaPlayer2.Player
		60	dbus-system none
56		61
57	restrict-namespaces	62	restrict-namespaces