2 files changed, 51 insertions, 0 deletions
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index abca8d8ec..10d8b0463 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -221,6 +221,7 @@ blacklist ${HOME}/.config/opera
 blacklist ${HOME}/.config/opera-beta
 blacklist ${HOME}/.config/orage
 blacklist ${HOME}/.config/org.kde.gwenviewrc
+blacklist ${HOME}/.config/pavucontrol.ini
 blacklist ${HOME}/.config/pcmanfm
 blacklist ${HOME}/.config/pdfmod
 blacklist ${HOME}/.config/Pinta
diff --git a/etc/pavucontrol.profile b/etc/pavucontrol.profile
new file mode 100644
index 000000000..5d0cf2238
--- /dev/null
+++ b/etc/pavucontrol.profile
@@ -0,0 +1,50 @@
+# Firejail profile for pavucontrol
+# Description: PulseAudio Volume Control
+# This file is overwritten after every install/update
+# Persistent local customizations
+include pavucontrol.local
+# Persistent global definitions
+include globals.local
+noblacklist ${HOME}/.config/pavucontrol.ini
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+include whitelist-common.inc
+include whitelist-var-common.inc
+apparmor
+caps.drop all
+ipc-namespace
+machine-id
+net none
+no3d
+nodbus
+nodvd
+nogroups
+nonewprivs
+noroot
+# nosound
+notv
+nou2f
+novideo
+protocol unix
+seccomp
+shell none
+disable-mnt
+private-bin pavucontrol
+private-cache
+private-dev
+private-etc alternatives,asound.conf,fonts,pulse
+private-lib
+private-tmp
+memory-deny-write-execute
+noexec ${HOME}
+noexec /tmp

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index abca8d8ec..10d8b0463 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc
@@ -221,6 +221,7 @@ blacklist ${HOME}/.config/opera
221	blacklist ${HOME}/.config/opera-beta	221	blacklist ${HOME}/.config/opera-beta
222	blacklist ${HOME}/.config/orage	222	blacklist ${HOME}/.config/orage
223	blacklist ${HOME}/.config/org.kde.gwenviewrc	223	blacklist ${HOME}/.config/org.kde.gwenviewrc
		224	blacklist ${HOME}/.config/pavucontrol.ini
224	blacklist ${HOME}/.config/pcmanfm	225	blacklist ${HOME}/.config/pcmanfm
225	blacklist ${HOME}/.config/pdfmod	226	blacklist ${HOME}/.config/pdfmod
226	blacklist ${HOME}/.config/Pinta	227	blacklist ${HOME}/.config/Pinta


diff --git a/etc/pavucontrol.profile b/etc/pavucontrol.profile new file mode 100644 index 000000000..5d0cf2238 --- /dev/null +++ b/etc/pavucontrol.profile
@@ -0,0 +1,50 @@
		1	# Firejail profile for pavucontrol
		2	# Description: PulseAudio Volume Control
		3	# This file is overwritten after every install/update
		4	# Persistent local customizations
		5	include pavucontrol.local
		6	# Persistent global definitions
		7	include globals.local
		8
		9	noblacklist ${HOME}/.config/pavucontrol.ini
		10
		11	include disable-common.inc
		12	include disable-devel.inc
		13	include disable-interpreters.inc
		14	include disable-passwdmgr.inc
		15	include disable-programs.inc
		16	include disable-xdg.inc
		17
		18	include whitelist-common.inc
		19	include whitelist-var-common.inc
		20
		21	apparmor
		22	caps.drop all
		23	ipc-namespace
		24	machine-id
		25	net none
		26	no3d
		27	nodbus
		28	nodvd
		29	nogroups
		30	nonewprivs
		31	noroot
		32	# nosound
		33	notv
		34	nou2f
		35	novideo
		36	protocol unix
		37	seccomp
		38	shell none
		39
		40	disable-mnt
		41	private-bin pavucontrol
		42	private-cache
		43	private-dev
		44	private-etc alternatives,asound.conf,fonts,pulse
		45	private-lib
		46	private-tmp
		47
		48	memory-deny-write-execute
		49	noexec ${HOME}
		50	noexec /tmp