author | smitsohu <smitsohu@gmail.com> | 2020-08-19 01:46:35 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-19 01:46:35 +0200 |
commit | ef9fdc4a1f367ec4a0495ca51e3ed44338df0408 (patch) | |
tree | 2e3e93b374815c085f9f76ccbc8532bf20fb9b74 /etc | |
parent | cat option (diff) | |
parent | Merge pull request #3592 from onovy/signal-audio-video (diff) | |
Merge branch 'master' into ls
Diffstat (limited to 'etc')
-rw-r--r-- | etc/firejail.config | 2 | ||||
-rw-r--r-- | etc/inc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/inc/whitelist-usr-share-common.inc | 2 | ||||
-rw-r--r-- | etc/profile-a-l/celluloid.profile | 16 | ||||
-rw-r--r-- | etc/profile-a-l/gtk-youtube-viewer | 18 | ||||
-rw-r--r-- | etc/profile-a-l/gtk2-youtube-viewer | 18 | ||||
-rw-r--r-- | etc/profile-a-l/gtk3-youtube-viewer | 18 | ||||
-rw-r--r-- | etc/profile-m-z/mplayer.profile | 13 | ||||
-rw-r--r-- | etc/profile-m-z/mpv.profile | 22 | ||||
-rw-r--r-- | etc/profile-m-z/nomacs.profile | 2 | ||||
-rw-r--r-- | etc/profile-m-z/signal-desktop.profile | 1 | ||||
-rw-r--r-- | etc/profile-m-z/totem.profile | 15 | ||||
-rw-r--r-- | etc/profile-m-z/vlc.profile | 16 | ||||
-rw-r--r-- | etc/profile-m-z/xplayer.profile | 14 | ||||
-rw-r--r-- | etc/profile-m-z/youtube-viewer.profile | 57 |
15 files changed, 189 insertions, 26 deletions
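--- a/etc/firejail.config
+++ b/etc/firejail.config
@@ -107,7 +107,7 @@
 # Enable or disable seccomp support, default enabled.
 # seccomp yes
 
-# Seccomp error action, kill or errno (EPERM, ENOSYS etc)
+# Seccomp error action, kill, log or errno (EPERM, ENOSYS etc)
 # seccomp-error-action EPERM
 
 # Enable or disable user namespace support, default enabled.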
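--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -396,6 +396,7 @@ blacklist ${HOME}/.config/yandex-browser
 blacklist ${HOME}/.config/yandex-browser-beta
 blacklist ${HOME}/.config/yelp
 blacklist ${HOME}/.config/youtube-dl
+blacklist ${HOME}/.config/youtube-viewer
 blacklist ${HOME}/.config/zathura
 blacklist ${HOME}/.config/zoomus.conf
 blacklist ${HOME}/.config/Zulip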
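--- a/etc/inc/whitelist-usr-share-common.inc
+++ b/etc/inc/whitelist-usr-share-common.inc
@@ -41,6 +41,8 @@ whitelist /usr/share/misc
 whitelist /usr/share/Modules
 whitelist /usr/share/myspell
 whitelist /usr/share/p11-kit
+whitelist /usr/share/perl
+whitelist /usr/share/perl5
 whitelist /usr/share/pixmaps
 whitelist /usr/share/pki
 whitelist /usr/share/plasma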
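Review bot: The added `whitelist /usr/share/perl` and `whitelist /usr/share/perl5` lines sit in the shared include, so every profile that pulls in whitelist-usr-share-common.inc now exposes the Perl module tree, although among the files in this commit only the new youtube-viewer.profile enables Perl (`include allow-perl.inc`). Placing the two lines in etc/profile-m-z/youtube-viewer.profile next to its other whitelist entries would confine the wider view to the one sandbox that needs it. If the shared location is intended, a comment such as `# perl modules, for profiles that include allow-perl.inc` would record why they are here.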
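--- a/etc/profile-a-l/celluloid.profile
+++ b/etc/profile-a-l/celluloid.profile
@@ -9,8 +9,6 @@ include globals.local
 noblacklist ${HOME}/.config/celluloid
 noblacklist ${HOME}/.config/gnome-mpv
 noblacklist ${HOME}/.config/youtube-dl
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -22,8 +20,20 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-include disable-xdg.inc
 
+read-only ${DESKTOP}
+mkdir ${HOME}/.config/celluloid
+mkdir ${HOME}/.config/gnome-mpv
+mkdir ${HOME}/.config/youtube-dl
+whitelist ${HOME}/.config/celluloid
+whitelist ${HOME}/.config/gnome-mpv
+whitelist ${HOME}/.config/youtube-dl
+whitelist ${DESKTOP}
+whitelist ${DOWNLOADS}
+whitelist ${MUSIC}
+whitelist ${PICTURES}
+whitelist ${VIDEOS}
+include whitelist-common.inc
 include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc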
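Review bot: Only `${DESKTOP}` is made read-only in the added block; `whitelist ${DOWNLOADS}`, `whitelist ${MUSIC}`, `whitelist ${PICTURES}` and `whitelist ${VIDEOS}` leave those directories writable from inside the sandbox. For a player that only opens media, adding `read-only ${DOWNLOADS}`, `read-only ${MUSIC}` and `read-only ${VIDEOS}` beside the existing `read-only ${DESKTOP}` would keep a compromised decoder from altering or adding files there; `${PICTURES}` may need to stay writable if screenshots are saved to it. The same applies to `${HOME}/.config/youtube-dl`, which the player presumably only reads. The same block is added to mplayer.profile, mpv.profile, totem.profile, vlc.profile and xplayer.profile in this commit.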
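--- /dev/null
+++ b/etc/profile-a-l/gtk-youtube-viewer
@@ -0,0 +1,18 @@
+# Firejail profile for gtk-youtube-viewer
+# Description: Gtk front-end to youtube-viewer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gtk-youtube-viewer.local
+# Persistent global definitions
+# include globals.local
+
+ignore quiet
+
+noblacklist /tmp/.X11-unix
+noblacklist ${RUNUSER}/wayland-*
+noblacklist ${RUNUSER}
+
+include whitelist-runuser-common.inc
+
+# Redirect
+include youtube-viewer.profile
\ No newline at end of file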
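Review bot: The new file is added as `etc/profile-a-l/gtk-youtube-viewer`, without the `.profile` suffix that every other profile in this commit carries (for example `etc/profile-m-z/youtube-viewer.profile`); gtk2-youtube-viewer and gtk3-youtube-viewer have the same problem. Firejail resolves a program's profile as `<program>.profile`, so as named these three files would most likely never be applied and the GTK front-ends would not get the restrictions written here. Renaming them to `gtk-youtube-viewer.profile`, `gtk2-youtube-viewer.profile` and `gtk3-youtube-viewer.profile` fixes that. All three files also end without a trailing newline.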
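--- /dev/null
+++ b/etc/profile-a-l/gtk2-youtube-viewer
@@ -0,0 +1,18 @@
+# Firejail profile for gtk2-youtube-viewer
+# Description: Gtk front-end to youtube-viewer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gtk2-youtube-viewer.local
+# Persistent global definitions
+# include globals.local
+
+ignore quiet
+
+noblacklist /tmp/.X11-unix
+noblacklist ${RUNUSER}/wayland-*
+noblacklist ${RUNUSER}
+
+include whitelist-runuser-common.inc
+
+# Redirect
+include youtube-viewer.profile
\ No newline at end of file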
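--- /dev/null
+++ b/etc/profile-a-l/gtk3-youtube-viewer
@@ -0,0 +1,18 @@
+# Firejail profile for gtk3-youtube-viewer
+# Description: Gtk front-end to youtube-viewer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include gtk3-youtube-viewer.local
+# Persistent global definitions
+# include globals.local
+
+ignore quiet
+
+noblacklist /tmp/.X11-unix
+noblacklist ${RUNUSER}/wayland-*
+noblacklist ${RUNUSER}
+
+include whitelist-runuser-common.inc
+
+# Redirect
+include youtube-viewer.profile
\ No newline at end of file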
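--- a/etc/profile-m-z/mplayer.profile
+++ b/etc/profile-m-z/mplayer.profile
@@ -7,8 +7,6 @@ include mplayer.local
 include globals.local
 
 noblacklist ${HOME}/.mplayer
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -16,8 +14,16 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-include disable-xdg.inc
 
+read-only ${DESKTOP}
+mkdir ${HOME}/.mplayer
+whitelist ${HOME}/.mplayer
+whitelist ${DESKTOP}
+whitelist ${DOWNLOADS}
+whitelist ${MUSIC}
+whitelist ${PICTURES}
+whitelist ${VIDEOS}
+include whitelist-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
@@ -36,4 +42,3 @@ shell none
 private-bin mplayer
 private-dev
 private-tmp
-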
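--- a/etc/profile-m-z/mpv.profile
+++ b/etc/profile-m-z/mpv.profile
@@ -7,6 +7,10 @@ include mpv.local
 # Persistent global definitions
 include globals.local
 
+# In order to save screenshots to a persistent location,
+# edit ~/.config/mpv/foobar.conf:
+# screenshot-directory=~/Pictures
+
 noblacklist ${HOME}/.config/mpv
 noblacklist ${HOME}/.config/youtube-dl
 noblacklist ${HOME}/.netrc
@@ -17,10 +21,6 @@ include allow-lua.inc
 include allow-python2.inc
 include allow-python3.inc
 
-noblacklist ${MUSIC}
-noblacklist ${PICTURES}
-noblacklist ${VIDEOS}
-
 include disable-common.inc
 include disable-devel.inc
 include disable-exec.inc
@@ -28,8 +28,20 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
-include disable-xdg.inc
 
+read-only ${DESKTOP}
+mkdir ${HOME}/.config/mpv
+mkdir ${HOME}/.config/youtube-dl
+mkfile ${HOME}/.netrc
+whitelist ${HOME}/.config/mpv
+whitelist ${HOME}/.config/youtube-dl
+whitelist ${HOME}/.netrc
+whitelist ${DESKTOP}
+whitelist ${DOWNLOADS}
+whitelist ${MUSIC}
+whitelist ${PICTURES}
+whitelist ${VIDEOS}
+include whitelist-common.inc
 whitelist /usr/share/lua
 whitelist /usr/share/lua*
 whitelist /usr/share/vulkan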
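Review bot: `mkfile ${HOME}/.netrc` followed by `whitelist ${HOME}/.netrc` creates a credentials file for users who never had one and leaves it readable and writable by mpv and by the Lua and Python scripts this profile allows. Since `.netrc` can hold logins for any host, I would drop the `mkfile` line and add `read-only ${HOME}/.netrc`, or turn both lines into a commented-out opt-in that users enable from mpv.local. Separately, the added comment points at `~/.config/mpv/foobar.conf`, which reads like a placeholder; presumably `# edit ~/.config/mpv/mpv.conf:` is meant.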
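--- a/etc/profile-m-z/nomacs.profile
+++ b/etc/profile-m-z/nomacs.profile
@@ -43,5 +43,3 @@ private-cache
 private-dev
 private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,login.defs,machine-id,pki,resolv.conf,ssl
 private-tmp
-
-memory-deny-write-execute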
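--- a/etc/profile-m-z/signal-desktop.profile
+++ b/etc/profile-m-z/signal-desktop.profile
@@ -34,7 +34,6 @@ nodvd
 nogroups
 notv
 nou2f
-novideo
 shell none
 
 disable-mnt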
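--- a/etc/profile-m-z/totem.profile
+++ b/etc/profile-m-z/totem.profile
@@ -14,9 +14,6 @@ include allow-python3.inc
 
 noblacklist ${HOME}/.config/totem
 noblacklist ${HOME}/.local/share/totem
-noblacklist ${MUSIC}
-noblacklist ${PICTURES}
-noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -25,8 +22,18 @@ include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
 include disable-shell.inc
-include disable-xdg.inc
 
+read-only ${DESKTOP}
+mkdir ${HOME}/.config/totem
+mkdir ${HOME}/.local/share/totem
+whitelist ${HOME}/.config/totem
+whitelist ${HOME}/.local/share/totem
+whitelist ${DESKTOP}
+whitelist ${DOWNLOADS}
+whitelist ${MUSIC}
+whitelist ${PICTURES}
+whitelist ${VIDEOS}
+include whitelist-common.inc
 include whitelist-var-common.inc
 
 # apparmor - makes settings immutable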
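--- a/etc/profile-m-z/vlc.profile
+++ b/etc/profile-m-z/vlc.profile
@@ -9,8 +9,6 @@ include globals.local
 noblacklist ${HOME}/.cache/vlc
 noblacklist ${HOME}/.config/vlc
 noblacklist ${HOME}/.local/share/vlc
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
 
 include disable-common.inc
 include disable-devel.inc
@@ -18,8 +16,20 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-include disable-xdg.inc
 
+read-only ${DESKTOP}
+mkdir ${HOME}/.cache/vlc
+mkdir ${HOME}/.config/vlc
+mkdir ${HOME}/.local/share/vlc
+whitelist ${HOME}/.cache/vlc
+whitelist ${HOME}/.config/vlc
+whitelist ${HOME}/.local/share/vlc
+whitelist ${DESKTOP}
+whitelist ${DOWNLOADS}
+whitelist ${MUSIC}
+whitelist ${PICTURES}
+whitelist ${VIDEOS}
+include whitelist-common.inc
 include whitelist-var-common.inc
 
 #apparmor - on Ubuntu 18.04 it refuses to start without dbus access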
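--- a/etc/profile-m-z/xplayer.profile
+++ b/etc/profile-m-z/xplayer.profile
@@ -7,8 +7,6 @@ include globals.local
 
 noblacklist ${HOME}/.config/xplayer
 noblacklist ${HOME}/.local/share/xplayer
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
 
 # Allow python (blacklisted by disable-interpreters.inc)
 include allow-python2.inc
@@ -20,8 +18,18 @@ include disable-exec.inc
 include disable-interpreters.inc
 include disable-passwdmgr.inc
 include disable-programs.inc
-include disable-xdg.inc
 
+read-only ${DESKTOP}
+mkdir ${HOME}/.config/xplayer
+mkdir ${HOME}/.local/share/xplayer
+whitelist ${HOME}/.config/xplayer
+whitelist ${HOME}/.local/share/xplayer
+whitelist ${DESKTOP}
+whitelist ${DOWNLOADS}
+whitelist ${MUSIC}
+whitelist ${PICTURES}
+whitelist ${VIDEOS}
+include whitelist-common.inc
 include whitelist-var-common.inc
 
 # apparmor - makes settings immutable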
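--- /dev/null
+++ b/etc/profile-m-z/youtube-viewer.profile
@@ -0,0 +1,57 @@
+# Firejail profile for youtube-viewer
+# Description: Trizen's CLI Youtube viewer with login support
+# This file is overwritten after every install/update
+quiet
+# Persistent local customizations
+include youtube-viewer.local
+# Persistent global definitions
+include globals.local
+
+blacklist /tmp/.X11-unix
+blacklist ${RUNUSER}/wayland-*
+blacklist ${RUNUSER}
+
+noblacklist ${HOME}/.config/youtube-viewer
+
+include allow-perl.inc
+include allow-python2.inc
+include allow-python3.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.config/youtube-viewer
+whitelist ${HOME}/.config/youtube-viewer
+include whitelist-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+novideo
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+disable-mnt
+# private-bin ffmpeg,ffprobe,firefox,gtk-youtube-viewer,gtk2-youtube-viewer,gtk3-youtube-viewer,mpv,python*,smplayer,sh,which,vlc,youtube-dl,youtube-viewer
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,machine-id,mime.types,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl,X11,xdg
+private-tmp
+
+dbus-user none
+dbus-system none
\ No newline at end of file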
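Review bot: The `private-bin` line is left commented out with no reason given, so the sandbox sees every binary on PATH while `allow-perl.inc`, `allow-python2.inc` and `allow-python3.inc` re-enable three interpreters and, unlike mpv.profile, `disable-shell.inc` is not included. Either enable the line or put a comment above it saying what breaks with it on, e.g. `# private-bin disabled: <reason>`, so the next editor knows whether it can be switched on. The profile also blacklists `/tmp/.X11-unix`, `${RUNUSER}/wayland-*` and `${RUNUSER}`, which the GTK front-end profiles undo with `noblacklist`; a one-line comment such as `# CLI only; the gtk*-youtube-viewer profiles re-allow the display sockets` would make that split clear.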