diff options
author | glitsj16 <glitsj16@users.noreply.github.com> | 2023-07-25 19:42:22 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-25 19:42:22 +0000 |
commit | 1c233b53600852aaa66304c153bf94bfc33c3e63 (patch) | |
tree | 65db83da0b0ae2e66c7ebf80a6b96219886131e3 /etc | |
parent | audacious: D-Bus hardening (#5922) (diff) | |
download | firejail-1c233b53600852aaa66304c153bf94bfc33c3e63.tar.gz firejail-1c233b53600852aaa66304c153bf94bfc33c3e63.tar.zst firejail-1c233b53600852aaa66304c153bf94bfc33c3e63.zip |
spotify: D-Bus hardening (#5923)
Diffstat (limited to 'etc')
-rw-r--r-- | etc/profile-m-z/spotify.profile | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/etc/profile-m-z/spotify.profile b/etc/profile-m-z/spotify.profile index f07b10319..c893a92fb 100644 --- a/etc/profile-m-z/spotify.profile +++ b/etc/profile-m-z/spotify.profile | |||
@@ -16,6 +16,7 @@ include disable-common.inc | |||
16 | include disable-devel.inc | 16 | include disable-devel.inc |
17 | include disable-exec.inc | 17 | include disable-exec.inc |
18 | include disable-interpreters.inc | 18 | include disable-interpreters.inc |
19 | include disable-proc.inc | ||
19 | include disable-programs.inc | 20 | include disable-programs.inc |
20 | 21 | ||
21 | mkdir ${HOME}/.cache/spotify | 22 | mkdir ${HOME}/.cache/spotify |
@@ -34,6 +35,7 @@ nodvd | |||
34 | nogroups | 35 | nogroups |
35 | noinput | 36 | noinput |
36 | nonewprivs | 37 | nonewprivs |
38 | noprinters | ||
37 | noroot | 39 | noroot |
38 | notv | 40 | notv |
39 | nou2f | 41 | nou2f |
@@ -50,8 +52,11 @@ private-opt spotify | |||
50 | private-srv none | 52 | private-srv none |
51 | private-tmp | 53 | private-tmp |
52 | 54 | ||
53 | # dbus needed for MPRIS | 55 | dbus-user filter |
54 | # dbus-user none | 56 | dbus-user.own org.mpris.MediaPlayer2.spotify |
55 | # dbus-system none | 57 | dbus-user.talk org.freedesktop.Notifications |
58 | dbus-user.talk org.freedesktop.secrets | ||
59 | dbus-user.talk org.mpris.MediaPlayer2.Player | ||
60 | dbus-system none | ||
56 | 61 | ||
57 | restrict-namespaces | 62 | restrict-namespaces |