6 files changed, 31 insertions, 8 deletions

diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml
index 839ba6f49..643832617 100644
--- a/.github/workflows/build-extra.yml
+++ b/.github/workflows/build-extra.yml
@@ -60,7 +60,7 @@ jobs:
         allowed-endpoints: >
           azure.archive.ubuntu.com:80
           github.com:443
-    - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
     - name: install dependencies
       run: sudo apt-get install libapparmor-dev libselinux1-dev
     - name: configure
@@ -81,7 +81,7 @@ jobs:
         allowed-endpoints: >
           azure.archive.ubuntu.com:80
           github.com:443
-    - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
     - name: install clang-tools-14 and dependencies
       run: sudo apt-get install clang-tools-14 libapparmor-dev libselinux1-dev
     - name: configure
@@ -98,7 +98,7 @@ jobs:
         allowed-endpoints: >
           azure.archive.ubuntu.com:80
           github.com:443
-    - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
     - name: install cppcheck
       run: sudo apt-get install cppcheck
     - name: cppcheck
@@ -115,7 +115,7 @@ jobs:
         allowed-endpoints: >
           azure.archive.ubuntu.com:80
           github.com:443
-    - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
     - name: install cppcheck
       run: sudo apt-get install cppcheck
     - name: cppcheck
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 852575532..ab15f42e7 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -56,7 +56,7 @@ jobs:
           www.debian.org:443
           www.debian.org:80
           yahoo.com:1025
-    - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
     - name: update package information
       run: sudo apt-get update
     - name: install dependencies
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 47b4bfca3..bf08e01e9 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -84,7 +84,7 @@ jobs:
           uploads.github.com:443
 
     - name: Checkout repository
-      uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+      uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
diff --git a/.github/workflows/profile-checks.yml b/.github/workflows/profile-checks.yml
index 4acd94c96..0504a58fd 100644
--- a/.github/workflows/profile-checks.yml
+++ b/.github/workflows/profile-checks.yml
@@ -33,7 +33,7 @@ jobs:
         allowed-endpoints: >
           github.com:443
 
-    - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
+    - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c
     - name: sort.py
       run: ./ci/check/profiles/sort.py etc/inc/*.inc etc/{profile-a-l,profile-m-z}/*.profile
     - name: private-etc-always-required.sh
diff --git a/RELNOTES b/RELNOTES
index 4d01e9651..82668ec9c 100644
--- a/RELNOTES
+++ b/RELNOTES
@@ -58,6 +58,7 @@ firejail (0.9.72rc1) baseline; urgency=low
   * docs: clarify that --appimage should appear before --profile (#5402 #5451)
   * docs: add more Firefox examples to the firejail-local AppArmor profile
     (#5493)
+  * docs: Fix broken Restrict-DBus wiki link on profile.template (#5554)
  -- netblue30 <netblue30@yahoo.com>  Sat, 11 Jun 2022 09:00:00 -0500
 
 firejail (0.9.70) baseline; urgency=low
diff --git a/etc/profile-m-z/QMediathekView.profile b/etc/profile-m-z/QMediathekView.profile
index 1e9af5769..22c4c4631 100644
--- a/etc/profile-m-z/QMediathekView.profile
+++ b/etc/profile-m-z/QMediathekView.profile
@@ -27,10 +27,30 @@ include disable-programs.inc
 include disable-shell.inc
 include disable-xdg.inc
 
+mkdir ${HOME}/.config/QMediathekView
+mkdir ${HOME}/.local/share/QMediathekView
+whitelist ${HOME}/.config/QMediathekView
+whitelist ${HOME}/.local/share/QMediathekView
+
+whitelist ${DOWNLOADS}
+whitelist ${VIDEOS}
+
+whitelist ${HOME}/.config/mpv
+whitelist ${HOME}/.config/smplayer
+whitelist ${HOME}/.config/totem
+whitelist ${HOME}/.config/vlc
+whitelist ${HOME}/.config/xplayer
+whitelist ${HOME}/.local/share/totem
+whitelist ${HOME}/.local/share/xplayer
+whitelist ${HOME}/.mplayer
 whitelist /usr/share/qtchooser
+include whitelist-common.inc
+include whitelist-run-common.inc
+include whitelist-runuser-common.inc
 include whitelist-usr-share-common.inc
 include whitelist-var-common.inc
 
+apparmor
 caps.drop all
 netfilter
 # no3d
@@ -38,11 +58,12 @@ nodvd
 nogroups
 noinput
 nonewprivs
+noprinters
 noroot
 notv
 nou2f
 novideo
-protocol unix,inet,inet6,netlink
+protocol unix,inet,inet6
 seccomp
 tracelog
 
@@ -50,6 +71,7 @@ disable-mnt
 private-bin mplayer,mpv,QMediathekView,smplayer,totem,vlc,xplayer
 private-cache
 private-dev
+private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,group,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,login.defs,nsswitch.conf,passwd,pki,pulse,resolv.conf,ssl
 private-tmp
 
 dbus-user none