add tvbrowser.profile

Thanks @Micha-Btz for all the testing.
author: rusty-snake <print_hello_world+Public@protonmail.com> 2020-01-18 14:02:59 +0100
committer: rusty-snake <print_hello_world+Public@protonmail.com> 2020-01-18 14:03:53 +0100
commit: eba10ae24f248b96b746c81ee412141d1eb68d9e (patch)
tree: ff992e368abb022dfe2e36fed191fbea93e2811e /etc
parent: make devilspie2 redircet to devilspie (#3163) (diff)
download: firejail-eba10ae24f248b96b746c81ee412141d1eb68d9e.tar.gz
firejail-eba10ae24f248b96b746c81ee412141d1eb68d9e.tar.zst
firejail-eba10ae24f248b96b746c81ee412141d1eb68d9e.zip
2 files changed, 53 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 7e8e67656..25bc37801 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -312,6 +312,7 @@ blacklist ${HOME}/.config/tox
 blacklist ${HOME}/.config/transgui
 blacklist ${HOME}/.config/transmission
 blacklist ${HOME}/.config/truecraft
+blacklist ${HOME}/.config/tvbrowser
 blacklist ${HOME}/.config/uGet
 blacklist ${HOME}/.config/uzbl
 blacklist ${HOME}/.config/viewnior
@@ -663,6 +664,7 @@ blacklist ${HOME}/.torcs
 blacklist ${HOME}/.tremulous
 blacklist ${HOME}/.ts3client
 blacklist ${HOME}/.tuxguitar*
+blacklist ${HOME}/.tvbrowser
 blacklist ${HOME}/.unknown-horizons
 blacklist ${HOME}/.viking
 blacklist ${HOME}/.viking-maps
diff --git a/etc/tvbrowser.profile b/etc/tvbrowser.profile
new file mode 100644
index 000000000..6e028b086
--- /dev/null
+++ b/etc/tvbrowser.profile
@@ -0,0 +1,51 @@
+# Firejail profile for tvbrowser
+# Description: java tv programm form tvbrowser.org
+# This file is overwritten after every install/update
+# Persistent local customizations
+include tvbrowser.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/tvbrowser
+noblacklist ${HOME}/.tvbrowser
+# Allow java (blacklisted by disable-devel.inc)
+include allow-java.inc
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+mkdir ${HOME}/.config/tvbrowser
+mkdir ${HOME}/.tvbrowser
+whitelist ${HOME}/.config/tvbrowser
+whitelist ${HOME}/.tvbrowser
+whitelist /usr/share/tvbrowser
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+caps.drop all
+netfilter
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+disable-mnt
+private-cache
+private-dev
+private-tmp
author	rusty-snake <print_hello_world+Public@protonmail.com>	2020-01-18 14:02:59 +0100
committer	rusty-snake <print_hello_world+Public@protonmail.com>	2020-01-18 14:03:53 +0100
commit	eba10ae24f248b96b746c81ee412141d1eb68d9e (patch)
tree	ff992e368abb022dfe2e36fed191fbea93e2811e /etc
parent	make devilspie2 redircet to devilspie (#3163) (diff)
download	firejail-eba10ae24f248b96b746c81ee412141d1eb68d9e.tar.gz firejail-eba10ae24f248b96b746c81ee412141d1eb68d9e.tar.zst firejail-eba10ae24f248b96b746c81ee412141d1eb68d9e.zip

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 7e8e67656..25bc37801 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -312,6 +312,7 @@ blacklist ${HOME}/.config/tox
312	blacklist ${HOME}/.config/transgui	312	blacklist ${HOME}/.config/transgui
313	blacklist ${HOME}/.config/transmission	313	blacklist ${HOME}/.config/transmission
314	blacklist ${HOME}/.config/truecraft	314	blacklist ${HOME}/.config/truecraft
		315	blacklist ${HOME}/.config/tvbrowser
315	blacklist ${HOME}/.config/uGet	316	blacklist ${HOME}/.config/uGet
316	blacklist ${HOME}/.config/uzbl	317	blacklist ${HOME}/.config/uzbl
317	blacklist ${HOME}/.config/viewnior	318	blacklist ${HOME}/.config/viewnior
@@ -663,6 +664,7 @@ blacklist ${HOME}/.torcs
663	blacklist ${HOME}/.tremulous	664	blacklist ${HOME}/.tremulous
664	blacklist ${HOME}/.ts3client	665	blacklist ${HOME}/.ts3client
665	blacklist ${HOME}/.tuxguitar*	666	blacklist ${HOME}/.tuxguitar*
		667	blacklist ${HOME}/.tvbrowser
666	blacklist ${HOME}/.unknown-horizons	668	blacklist ${HOME}/.unknown-horizons
667	blacklist ${HOME}/.viking	669	blacklist ${HOME}/.viking
668	blacklist ${HOME}/.viking-maps	670	blacklist ${HOME}/.viking-maps


diff --git a/etc/tvbrowser.profile b/etc/tvbrowser.profile new file mode 100644 index 000000000..6e028b086 --- /dev/null +++ b/etc/tvbrowser.profile
@@ -0,0 +1,51 @@
		1	# Firejail profile for tvbrowser
		2	# Description: java tv programm form tvbrowser.org
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include tvbrowser.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/tvbrowser
		10	noblacklist ${HOME}/.tvbrowser
		11
		12	# Allow java (blacklisted by disable-devel.inc)
		13	include allow-java.inc
		14
		15	include disable-common.inc
		16	include disable-devel.inc
		17	include disable-exec.inc
		18	include disable-interpreters.inc
		19	include disable-passwdmgr.inc
		20	include disable-programs.inc
		21	include disable-xdg.inc
		22
		23	mkdir ${HOME}/.config/tvbrowser
		24	mkdir ${HOME}/.tvbrowser
		25	whitelist ${HOME}/.config/tvbrowser
		26	whitelist ${HOME}/.tvbrowser
		27	whitelist /usr/share/tvbrowser
		28	include whitelist-common.inc
		29	include whitelist-usr-share-common.inc
		30	include whitelist-var-common.inc
		31
		32	caps.drop all
		33	netfilter
		34	no3d
		35	nodbus
		36	nodvd
		37	nogroups
		38	nonewprivs
		39	noroot
		40	notv
		41	nou2f
		42	novideo
		43	protocol unix,inet,inet6
		44	seccomp
		45	shell none
		46	tracelog
		47
		48	disable-mnt
		49	private-cache
		50	private-dev
		51	private-tmp