From 40a51e179d90f54a20c539567adeed1ea0b94d78 Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Tue, 8 Aug 2017 21:31:50 +0200
Subject: various little profile fixes and enhancements (#1442)

* add novideo

* add novideo

* add novideo

* put noexec last

* blacklist Clementine configuration and database

* blacklist Clementine configuration and database

* add novideo

* add novideo, permit access to ~/.java

* add novideo

* spoof machine-id

* mimeapps.list is already in whitelist-common.inc

* ~/.local/share/applications is already read-only

see disable-common.inc

* mimeapps.list is already in whitelist-common.inc

* ~/.local/share/applications is already read-only

see disable-common.inc

* drop machine-id option

private-etc hides it anyway
---
 etc/mediathekview.profile | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'etc/mediathekview.profile')

diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile
index 5e980909b..bebe95a72 100644
--- a/etc/mediathekview.profile
+++ b/etc/mediathekview.profile
@@ -6,6 +6,7 @@ include /etc/firejail/mediathekview.local
 include /etc/firejail/globals.local
 
 noblacklist ~/.config/vlc
+noblacklist ~/.java
 noblacklist ~/.mediathek3
 
 include /etc/firejail/disable-common.inc
@@ -17,6 +18,7 @@ caps.drop all
 netfilter
 nonewprivs
 noroot
+novideo
 protocol unix,inet,inet6
 seccomp
 tracelog
-- 
cgit v1.2.3-54-g00ecf