firejail profile for smtube

if you think private-bin needs to be there, feel free to edit the profile, and users would need to add their own players via the smtube.local file
author: PizzaDude <pizzadudedotca@gmail.com> 2017-09-03 14:43:24 -0400
committer: GitHub <noreply@github.com> 2017-09-03 14:43:24 -0400
commit: 933635ee0e22f3d85551470098ccfa12db6a612f (patch)
tree: 585159943faee9f3c27a6cec6a33e8a8a567575d /smtube.profile
parent: fix #1522 (diff)
download: firejail-933635ee0e22f3d85551470098ccfa12db6a612f.tar.gz
firejail-933635ee0e22f3d85551470098ccfa12db6a612f.tar.zst
firejail-933635ee0e22f3d85551470098ccfa12db6a612f.zip
1 files changed, 34 insertions, 0 deletions
diff --git a/smtube.profile b/smtube.profile
new file mode 100644
index 000000000..f9966793d
--- /dev/null
+++ b/smtube.profile
@@ -0,0 +1,34 @@
+# Firejail profile for smtube
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/smtube.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+noblacklist ${HOME}/.config/smplayer
+noblacklist ${HOME}/.config/smtube
+noblacklist ${HOME}/.config/mpv
+noblacklist ${HOME}/.mplayer
+noblacklist ${HOME}/.config/vlc
+noblacklist ${HOME}/.local/share/vlc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+caps.drop all
+netfilter
+# nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+#no private-bin because users can add their own players to smtube and that would prevent that
+private-dev
+private-tmp
+noexec ${HOME}
+noexec /tmp
author	PizzaDude <pizzadudedotca@gmail.com>	2017-09-03 14:43:24 -0400
committer	GitHub <noreply@github.com>	2017-09-03 14:43:24 -0400
commit	933635ee0e22f3d85551470098ccfa12db6a612f (patch)
tree	585159943faee9f3c27a6cec6a33e8a8a567575d /smtube.profile
parent	fix #1522 (diff)
download	firejail-933635ee0e22f3d85551470098ccfa12db6a612f.tar.gz firejail-933635ee0e22f3d85551470098ccfa12db6a612f.tar.zst firejail-933635ee0e22f3d85551470098ccfa12db6a612f.zip

diff --git a/smtube.profile b/smtube.profile new file mode 100644 index 000000000..f9966793d --- /dev/null +++ b/smtube.profile
@@ -0,0 +1,34 @@
	1	# Firejail profile for smtube
	2	# This file is overwritten after every install/update
	3	# Persistent local customizations
	4	include /etc/firejail/smtube.local
	5	# Persistent global definitions
	6	include /etc/firejail/globals.local
	7
	8	noblacklist ${HOME}/.config/smplayer
	9	noblacklist ${HOME}/.config/smtube
	10	noblacklist ${HOME}/.config/mpv
	11	noblacklist ${HOME}/.mplayer
	12	noblacklist ${HOME}/.config/vlc
	13	noblacklist ${HOME}/.local/share/vlc
	14
	15	include /etc/firejail/disable-common.inc
	16	include /etc/firejail/disable-devel.inc
	17	include /etc/firejail/disable-passwdmgr.inc
	18	include /etc/firejail/disable-programs.inc
	19
	20	caps.drop all
	21	netfilter
	22	# nogroups
	23	nonewprivs
	24	noroot
	25	protocol unix,inet,inet6,netlink
	26	seccomp
	27	shell none
	28
	29	#no private-bin because users can add their own players to smtube and that would prevent that
	30	private-dev
	31	private-tmp
	32
	33	noexec ${HOME}
	34	noexec /tmp