1 files changed, 53 insertions, 0 deletions
diff --git a/etc/profile-m-z/totem.profile b/etc/profile-m-z/totem.profile
new file mode 100644
index 000000000..b8f4ca765
--- /dev/null
+++ b/etc/profile-m-z/totem.profile
@@ -0,0 +1,53 @@
+# Firejail profile for totem
+# Description: Simple media player for the GNOME desktop based on GStreamer
+# This file is overwritten after every install/update
+# Persistent local customizations
+include totem.local
+# Persistent global definitions
+include globals.local
+# Allow lua (required for youtube video)
+include allow-lua.inc
+# Allow python (blacklisted by disable-interpreters.inc)
+include allow-python3.inc
+noblacklist ${HOME}/.config/totem
+noblacklist ${HOME}/.local/share/totem
+noblacklist ${MUSIC}
+noblacklist ${PICTURES}
+noblacklist ${VIDEOS}
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+include whitelist-var-common.inc
+# apparmor - makes settings immutable
+caps.drop all
+netfilter
+nogroups
+nonewprivs
+noroot
+nou2f
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+private-bin totem
+# totem needs access to ~/.cache/tracker or it exits
+#private-cache
+private-dev
+# private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,machine-id,pki,pulse,ssl
+private-tmp
+# makes settings immutable
+# dbus-user none
+# dbus-system none

diff --git a/etc/profile-m-z/totem.profile b/etc/profile-m-z/totem.profile new file mode 100644 index 000000000..b8f4ca765 --- /dev/null +++ b/etc/profile-m-z/totem.profile
@@ -0,0 +1,53 @@
	1	# Firejail profile for totem
	2	# Description: Simple media player for the GNOME desktop based on GStreamer
	3	# This file is overwritten after every install/update
	4	# Persistent local customizations
	5	include totem.local
	6	# Persistent global definitions
	7	include globals.local
	8
	9	# Allow lua (required for youtube video)
	10	include allow-lua.inc
	11
	12	# Allow python (blacklisted by disable-interpreters.inc)
	13	include allow-python3.inc
	14
	15	noblacklist ${HOME}/.config/totem
	16	noblacklist ${HOME}/.local/share/totem
	17	noblacklist ${MUSIC}
	18	noblacklist ${PICTURES}
	19	noblacklist ${VIDEOS}
	20
	21	include disable-common.inc
	22	include disable-devel.inc
	23	include disable-exec.inc
	24	include disable-interpreters.inc
	25	include disable-passwdmgr.inc
	26	include disable-programs.inc
	27	include disable-shell.inc
	28	include disable-xdg.inc
	29
	30	include whitelist-var-common.inc
	31
	32	# apparmor - makes settings immutable
	33	caps.drop all
	34	netfilter
	35	nogroups
	36	nonewprivs
	37	noroot
	38	nou2f
	39	protocol unix,inet,inet6
	40	seccomp
	41	shell none
	42	tracelog
	43
	44	private-bin totem
	45	# totem needs access to ~/.cache/tracker or it exits
	46	#private-cache
	47	private-dev
	48	# private-etc alternatives,asound.conf,ca-certificates,crypto-policies,fonts,machine-id,pki,pulse,ssl
	49	private-tmp
	50
	51	# makes settings immutable
	52	# dbus-user none
	53	# dbus-system none