From 1c233b53600852aaa66304c153bf94bfc33c3e63 Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Tue, 25 Jul 2023 19:42:22 +0000 Subject: spotify: D-Bus hardening (#5923) --- etc/profile-m-z/spotify.profile | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'etc/profile-m-z') diff --git a/etc/profile-m-z/spotify.profile b/etc/profile-m-z/spotify.profile index f07b10319..c893a92fb 100644 --- a/etc/profile-m-z/spotify.profile +++ b/etc/profile-m-z/spotify.profile @@ -16,6 +16,7 @@ include disable-common.inc include disable-devel.inc include disable-exec.inc include disable-interpreters.inc +include disable-proc.inc include disable-programs.inc mkdir ${HOME}/.cache/spotify @@ -34,6 +35,7 @@ nodvd nogroups noinput nonewprivs +noprinters noroot notv nou2f @@ -50,8 +52,11 @@ private-opt spotify private-srv none private-tmp -# dbus needed for MPRIS -# dbus-user none -# dbus-system none +dbus-user filter +dbus-user.own org.mpris.MediaPlayer2.spotify +dbus-user.talk org.freedesktop.Notifications +dbus-user.talk org.freedesktop.secrets +dbus-user.talk org.mpris.MediaPlayer2.Player +dbus-system none restrict-namespaces -- cgit v1.2.3-70-g09d2