3 files changed, 37 insertions, 3 deletions

diff --git a/etc/snap.profile b/etc/snap.profile
index 238dffeab..38aef7c23 100644
--- a/etc/snap.profile
+++ b/etc/snap.profile
@@ -14,5 +14,3 @@ include /etc/firejail/disable-programs.inc
 whitelist ${DOWNLOADS}
 whitelist ~/snap
 include /etc/firejail/whitelist-common.inc
-nodvd
-notv
diff --git a/smtube.profile b/smtube.profile
new file mode 100644
index 000000000..2694dd5b0
--- /dev/null
+++ b/smtube.profile
@@ -0,0 +1,37 @@
+# Firejail profile for smtube
+# This file is overwritten after every install/update
+# Persistent local customizations
+include /etc/firejail/smtube.local
+# Persistent global definitions
+include /etc/firejail/globals.local
+
+noblacklist ${HOME}/.config/smplayer
+noblacklist ${HOME}/.config/smtube
+noblacklist ${HOME}/.config/mpv
+noblacklist ${HOME}/.mplayer
+noblacklist ${HOME}/.config/vlc
+noblacklist ${HOME}/.local/share/vlc
+
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+include /etc/firejail/disable-programs.inc
+
+caps.drop all
+netfilter
+nodvd
+notv
+novideo
+nogroups
+nonewprivs
+noroot
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+
+#no private-bin because users can add their own players to smtube and that would prevent that
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/src/fseccomp/syscall.c b/src/fseccomp/syscall.c
index abdedb957..d0692b2ef 100644
--- a/src/fseccomp/syscall.c
+++ b/src/fseccomp/syscall.c
@@ -110,7 +110,6 @@ static const SyscallGroupList sysgroups[] = {
         { .name = "@default", .list =
           "@cpu-emulation,"
           "@debug,"
-          "@module,"
           "@obsolete,"
           "@privileged,"
           "@resources,"