harden mpg123.profile (#3438)

* harden mpg123.profile * drop nodvd from mpg123.profile
author: glitsj16 <glitsj16@users.noreply.github.com> 2020-05-27 18:23:44 +0000
committer: GitHub <noreply@github.com> 2020-05-27 18:23:44 +0000
commit: 3d7a75b5e74a22766398e65a23d833e3442163d2 (patch)
tree: 65ac8b4e163b6796b278df8a96710b7f38b3fce0 /etc
parent: new profile: mocp (#3437) (diff)
download: firejail-3d7a75b5e74a22766398e65a23d833e3442163d2.tar.gz
firejail-3d7a75b5e74a22766398e65a23d833e3442163d2.tar.zst
firejail-3d7a75b5e74a22766398e65a23d833e3442163d2.zip
1 files changed, 7 insertions, 3 deletions
diff --git a/etc/profile-m-z/mpg123.profile b/etc/profile-m-z/mpg123.profile
index 6e18aa401..b1ab81c1e 100644
--- a/etc/profile-m-z/mpg123.profile
+++ b/etc/profile-m-z/mpg123.profile
@@ -1,13 +1,13 @@
 # Firejail profile for mpg123
 # Description: MPEG audio player/decoder
 # This file is overwritten after every install/update
+quiet
 # Persistent local customizations
 include mpg123.local
 # Persistent global definitions
 include globals.local
 noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
 include disable-common.inc
 include disable-devel.inc
@@ -23,19 +23,23 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
+no3d
 nogroups
 nonewprivs
 noroot
+notv
 nou2f
+novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
+tracelog
 #private-bin mpg123*
 private-dev
 private-tmp
-memory-deny-write-execute
 dbus-user none
 dbus-system none
+memory-deny-write-execute
author	glitsj16 <glitsj16@users.noreply.github.com>	2020-05-27 18:23:44 +0000
committer	GitHub <noreply@github.com>	2020-05-27 18:23:44 +0000
commit	3d7a75b5e74a22766398e65a23d833e3442163d2 (patch)
tree	65ac8b4e163b6796b278df8a96710b7f38b3fce0 /etc
parent	new profile: mocp (#3437) (diff)
download	firejail-3d7a75b5e74a22766398e65a23d833e3442163d2.tar.gz firejail-3d7a75b5e74a22766398e65a23d833e3442163d2.tar.zst firejail-3d7a75b5e74a22766398e65a23d833e3442163d2.zip

diff --git a/etc/profile-m-z/mpg123.profile b/etc/profile-m-z/mpg123.profile index 6e18aa401..b1ab81c1e 100644 --- a/etc/profile-m-z/mpg123.profile +++ b/etc/profile-m-z/mpg123.profile
@@ -1,13 +1,13 @@
1	# Firejail profile for mpg123	1	# Firejail profile for mpg123
2	# Description: MPEG audio player/decoder	2	# Description: MPEG audio player/decoder
3	# This file is overwritten after every install/update	3	# This file is overwritten after every install/update
		4	quiet
4	# Persistent local customizations	5	# Persistent local customizations
5	include mpg123.local	6	include mpg123.local
6	# Persistent global definitions	7	# Persistent global definitions
7	include globals.local	8	include globals.local
8		9
9	noblacklist ${MUSIC}	10	noblacklist ${MUSIC}
10	noblacklist ${VIDEOS}
11		11
12	include disable-common.inc	12	include disable-common.inc
13	include disable-devel.inc	13	include disable-devel.inc
@@ -23,19 +23,23 @@ include whitelist-var-common.inc
23	apparmor	23	apparmor
24	caps.drop all	24	caps.drop all
25	netfilter	25	netfilter
		26	no3d
26	nogroups	27	nogroups
27	nonewprivs	28	nonewprivs
28	noroot	29	noroot
		30	notv
29	nou2f	31	nou2f
		32	novideo
30	protocol unix,inet,inet6,netlink	33	protocol unix,inet,inet6,netlink
31	seccomp	34	seccomp
32	shell none	35	shell none
		36	tracelog
33		37
34	#private-bin mpg123*	38	#private-bin mpg123*
35	private-dev	39	private-dev
36	private-tmp	40	private-tmp
37		41
38	memory-deny-write-execute
39
40	dbus-user none	42	dbus-user none
41	dbus-system none	43	dbus-system none
		44
		45	memory-deny-write-execute