From 2341381cda5989f033b5e10622f2e523e5d395f5 Mon Sep 17 00:00:00 2001
From: rusty-snake
Date: Tue, 26 Feb 2019 18:02:23 +0100
Subject: gnome-mpv -> celluloid
---
etc/celluloid.profile | 51 ++++++++++++++++++++++++++++++++++++++++++++++
etc/disable-programs.inc | 1 +
etc/gnome-mpv.profile | 46 +++-------------------------------------
src/firecfg/firecfg.config | 1 +
4 files changed, 56 insertions(+), 43 deletions(-)
create mode 100644 etc/celluloid.profile
diff --git a/etc/celluloid.profile b/etc/celluloid.profile
new file mode 100644
index 000000000..c4f49aed0
--- /dev/null
+++ b/etc/celluloid.profile
@@ -0,0 +1,51 @@
+# Firejail profile for celluloid
+# Description: Simple GTK+ frontend for mpv
+# This file is overwritten after every install/update
+# Persistent local customizations
+include celluloid.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/gnome-mpv
+noblacklist ${HOME}/.config/celluloid
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
+
+# Allow python (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+noblacklist /usr/local/lib/python2*
+noblacklist /usr/local/lib/python3*
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodbus
+nogroups
+nonewprivs
+noroot
+nou2f
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-bin celluloid,gnome-mpv,youtube-dl,python*,env
+private-cache
+private-etc alternatives
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 0c7a8b020..6bac74bd6 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
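Review bot: `private-etc alternatives` in the new etc/celluloid.profile gives the sandbox an /etc with no resolver configuration and no CA certificates, while the same profile keeps `protocol unix,inet,inet6`, `netfilter` and `youtube-dl` in `private-bin` for network streaming. With name resolution and TLS trust data missing, streamed playback will probably fail, and a profile that breaks a feature tends to get bypassed or loosened wholesale rather than fixed. Consider listing what the network path needs, for example `private-etc alternatives,ca-certificates,hosts,resolv.conf,ssl`, and check whether the GTK side also needs `fonts`. The exact set varies by distribution and should be confirmed by testing.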
@@ -117,6 +117,7 @@ blacklist ${HOME}/.config/brave
 blacklist ${HOME}/.config/caja
 blacklist ${HOME}/.config/calibre
 blacklist ${HOME}/.config/catfish
+blacklist ${HOME}/.config/celluloid
 blacklist ${HOME}/.config/cherrytree
 blacklist ${HOME}/.config/chromium
 blacklist ${HOME}/.config/chromium-dev
diff --git a/etc/gnome-mpv.profile b/etc/gnome-mpv.profile
index 9bac59caf..f5d652732 100644
--- a/etc/gnome-mpv.profile
+++ b/etc/gnome-mpv.profile
@@ -1,45 +1,5 @@
-# Firejail profile for gnome-mpv
-# Description: Simple GTK+ frontend for mpv
+# Firejail profile alias for celluloid (formerly GNOME MPV)
 # This file is overwritten after every install/update
-# Persistent local customizations
-include gnome-mpv.local
-# Persistent global definitions
-include globals.local
 
-noblacklist ${HOME}/.config/gnome-mpv
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
-
-# Allow python (blacklisted by disable-interpreters.inc)
-noblacklist ${PATH}/python2*
-noblacklist ${PATH}/python3*
-noblacklist /usr/lib/python2*
-noblacklist /usr/lib/python3*
-noblacklist /usr/local/lib/python2*
-noblacklist /usr/local/lib/python3*
-
-include disable-common.inc
-include disable-devel.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-include disable-xdg.inc
-
-include whitelist-var-common.inc
-
-caps.drop all
-nodbus
-nogroups
-nonewprivs
-noroot
-nou2f
-protocol unix,inet,inet6
-seccomp
-shell none
-
-private-bin gnome-mpv,youtube-dl,python*,env
-private-dev
-private-tmp
-
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include celluloid.profile
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 2becb8050..924392032 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -76,6 +76,7 @@ calligrasheets
 calligrastage
 calligrawords
 catfish
+celluloid
 cherrytree
 chromium
 chromium-browser
-- 
cgit v1.2.3-54-g00ecf
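Review bot: The rewritten etc/gnome-mpv.profile no longer reads `gnome-mpv.local`, so any persistent overrides a user kept there, including extra hardening, stop applying without warning once the file becomes a redirect. The target celluloid.profile only includes `celluloid.local`, so nothing picks the old file up. Keep `include gnome-mpv.local` under its `# Persistent local customizations` comment, ahead of the `include celluloid.profile` line. `globals.local` is still pulled in through celluloid.profile and does not need repeating here.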