author | netblue30 <netblue30@protonmail.com> | 2023-01-04 12:09:07 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-04 12:09:07 -0500 |
commit | 069ad9d30eab734005a0c417ff679202024e4054 (patch) | |
tree | f9b3cc3aafed088c626a63d0ae426cf2dff80a96 /etc | |
parent | Merge pull request #5553 from slowpeek/master (diff) | |
parent | Apply code review suggestions to chatterino.profile (diff) | |
Merge pull request #5556 from Dpeta/chatterino-profile
Add profile for Chatterino
Diffstat (limited to 'etc')
-rw-r--r-- | etc/inc/disable-programs.inc | 1 | ||||
-rw-r--r-- | etc/profile-a-l/chatterino.profile | 92 |
2 files changed, 93 insertions, 0 deletions
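--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -879,6 +879,7 @@ blacklist ${HOME}/.local/share/caja-python
 blacklist ${HOME}/.local/share/calligragemini
 blacklist ${HOME}/.local/share/cantata
 blacklist ${HOME}/.local/share/cdprojektred
+blacklist ${HOME}/.local/share/chatterino
 blacklist ${HOME}/.local/share/clipit
 blacklist ${HOME}/.local/share/com.github.johnfactotum.Foliate
 blacklist ${HOME}/.local/share/contacts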
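--- /dev/null
+++ b/etc/profile-a-l/chatterino.profile
@@ -0,0 +1,92 @@
+# Firejail profile for Chatterino
+# Description: Chat client for https://twitch.tv
+# This file is overwritten after every install/update
+# Persistent local customizations
+include chatterino.local
+# Persistent global definitions
+include globals.local
+
+# To upload images, whitelist/noblacklist their path in chatterino.local.
+#whitelist ${PICTURES}
+# For custom notification sounds, whitelist/noblacklist their path in chatterino.local.
+#whitelist ${MUSIC}
+
+# Also allow access to mpv/vlc, they're usable via streamlink.
+noblacklist ${HOME}/.config/mpv
+noblacklist ${HOME}/.config/pulse
+noblacklist ${HOME}/.config/vlc
+noblacklist ${HOME}/.local/share/chatterino
+noblacklist ${HOME}/.local/share/vlc
+
+# Allow Lua for mpv (blacklisted by disable-interpreters.inc)
+include allow-lua.inc
+
+# Allow Python for Streamlink integration (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-proc.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+# Also allow read-only access to mpv/VLC, they're usable via streamlink.
+mkdir ${HOME}/.local/share/chatterino
+# VLC preferences will fail to save with read-only set.
+whitelist ${HOME}/.local/share/chatterino
+whitelist-ro ${HOME}/.config/mpv
+whitelist-ro ${HOME}/.config/pulse
+whitelist-ro ${HOME}/.config/vlc
+whitelist-ro ${HOME}/.local/share/vlc
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+# Streamlink+VLC doesn't seem to close properly with apparmor enabled.
+#apparmor
+caps.drop all
+netfilter
+nodvd
+nogroups
+nonewprivs
+noprinters
+noroot
+notv
+nou2f
+# Netlink is required for streamlink integration.
+protocol unix,inet,inet6,netlink
+# Seccomp may break browser integration.
+seccomp
+seccomp.block-secondary
+tracelog
+
+disable-mnt
+# Add more private-bin lines for browsers or video players to chatterino.local if wanted.
+private-bin chatterino,cvlc,env,ffmpeg,mpv,nvlc,pgrep,python*,qvlc,rvlc,streamlink,svlc,vlc
+# private-cache may cause issues with mpv (see #2838)
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,dbus-1,fonts,hostname,hosts,kde4rc,kde5rc,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,locale,locale.alias,locale.conf,localtime,machine-id,nvidia,passwd,pulse,resolv.conf,rpc,services,ssl,Trolltech.conf,X11
+private-srv none
+private-tmp
+
+dbus-user filter
+dbus-user.own com.chatterino.*
+# Allow notifications.
+dbus-user.talk org.freedesktop.Notifications
+# For media player integration.
+dbus-user.talk org.freedesktop.ScreenSaver
+?ALLOW_TRAY: dbus-user.talk org.kde.StatusNotifierWatcher
+dbus-user.own org.mpris.MediaPlayer2.chatterino
+dbus-user.talk org.mpris.MediaPlayer2.Player
+dbus-system none
+
+# Prevents browsers/players from lingering after Chatterino is closed.
+#deterministic-shutdown
+# memory-deny-write-execute may break streamlink and browser integration.
+#memory-deny-write-execute
+restrict-namespaces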
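Review bot: The comments at profile lines 35 and 37 sit above the wrong directives: "Also allow read-only access to mpv/VLC" precedes `mkdir ${HOME}/.local/share/chatterino`, and "VLC preferences will fail to save with read-only set" precedes the read-write `whitelist` of Chatterino's own directory rather than the four `whitelist-ro` lines it describes. Because the profile also enables Lua for mpv and Python for Streamlink, the read-only mounts are what stop a compromised process in the sandbox from altering player configuration that is later read outside it, and a reader who meets the VLC remark out of place may take it as a reason to switch those lines to `whitelist`. I would move both comments directly above `whitelist-ro ${HOME}/.config/mpv` and word them as `# Player configs are read-only on purpose; VLC cannot save preferences from inside the sandbox.` The comment at line 62, "Seccomp may break browser integration", sits above an enabled `seccomp` and would be clearer as `# Seccomp may break browser integration; add 'ignore seccomp' to chatterino.local if needed.`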