aboutsummaryrefslogtreecommitdiffstats
path: root/etc/spotify.profile
diff options
context:
space:
mode:
authorLibravatar Tad <tad@spotco.us>2017-08-07 01:22:08 -0400
committerLibravatar Tad <tad@spotco.us>2017-08-07 01:22:08 -0400
commit9e3ba319be6b9546d7e8f450ca419ee2f3f4040b (patch)
tree0aebe82de78a61877c267f4dcb2ebcc13a2e37c9 /etc/spotify.profile
parentvarious profile fixes (#1433) (diff)
downloadfirejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.gz
firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.tar.zst
firejail-9e3ba319be6b9546d7e8f450ca419ee2f3f4040b.zip
Unify all profiles
Diffstat (limited to 'etc/spotify.profile')
-rw-r--r--etc/spotify.profile48
1 files changed, 24 insertions, 24 deletions
diff --git a/etc/spotify.profile b/etc/spotify.profile
index 07103b112..64805153c 100644
--- a/etc/spotify.profile
+++ b/etc/spotify.profile
@@ -1,26 +1,35 @@
1# Persistent global definitions go here 1# Firejail profile for spotify
2# This file is overwritten after every install/update
3# Persistent local customizations
4include /etc/firejail/spotify.local
5# Persistent global definitions
2include /etc/firejail/globals.local 6include /etc/firejail/globals.local
3 7
4# This file is overwritten during software install. 8blacklist ${HOME}/.bashrc
5# Persistent customizations should go in a .local file. 9blacklist /boot
6include /etc/firejail/spotify.local 10blacklist /lost+found
11blacklist /opt
12blacklist /root
13blacklist /sbin
14blacklist /srv
15blacklist /sys
7 16
8# Spotify media player profile
9noblacklist ${HOME}/.config/spotify
10noblacklist ${HOME}/.cache/spotify 17noblacklist ${HOME}/.cache/spotify
18noblacklist ${HOME}/.config/spotify
11noblacklist ${HOME}/.local/share/spotify 19noblacklist ${HOME}/.local/share/spotify
20
12include /etc/firejail/disable-common.inc 21include /etc/firejail/disable-common.inc
13include /etc/firejail/disable-programs.inc
14include /etc/firejail/disable-devel.inc 22include /etc/firejail/disable-devel.inc
15include /etc/firejail/disable-passwdmgr.inc 23include /etc/firejail/disable-passwdmgr.inc
24include /etc/firejail/disable-programs.inc
16 25
17# Whitelist the folders needed by Spotify 26mkdir ${HOME}/.cache/spotify
18mkdir ${HOME}/.config/spotify 27mkdir ${HOME}/.config/spotify
19whitelist ${HOME}/.config/spotify
20mkdir ${HOME}/.local/share/spotify 28mkdir ${HOME}/.local/share/spotify
21whitelist ${HOME}/.local/share/spotify
22mkdir ${HOME}/.cache/spotify
23whitelist ${HOME}/.cache/spotify 29whitelist ${HOME}/.cache/spotify
30whitelist ${HOME}/.config/spotify
31whitelist ${HOME}/.local/share/spotify
32include /etc/firejail/whitelist-common.inc
24 33
25caps.drop all 34caps.drop all
26netfilter 35netfilter
@@ -31,20 +40,11 @@ protocol unix,inet,inet6,netlink
31seccomp 40seccomp
32shell none 41shell none
33 42
34noexec ${HOME} 43disable-mnt
35noexec /tmp
36
37private-bin spotify,bash,sh,dash 44private-bin spotify,bash,sh,dash
38private-etc fonts,machine-id,pulse,resolv.conf
39private-dev 45private-dev
46private-etc fonts,machine-id,pulse,resolv.conf
40private-tmp 47private-tmp
41disable-mnt
42 48
43blacklist ${HOME}/.bashrc 49noexec ${HOME}
44blacklist /boot 50noexec /tmp
45blacklist /lost+found
46blacklist /opt
47blacklist /root
48blacklist /sbin
49blacklist /srv
50blacklist /sys
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-03 08:09:29 +0000