From 1a13b12cde52c11b8d31c247b033b475e329fcbf Mon Sep 17 00:00:00 2001 From: smitsohu Date: Thu, 10 Aug 2017 16:11:42 +0200 Subject: more novideo options, enhanced mediathekview (#1451) * add disable-mnt * support alternative media players * add novideo * fix comment, add novideo * drop disable-mnt saving to mounted locations is legitimate use --- etc/dolphin.profile | 3 ++- etc/k3b.profile | 1 + etc/kate.profile | 1 + etc/keepass.profile | 1 + etc/keepassx.profile | 1 + etc/keepassx2.profile | 1 + etc/kwrite.profile | 1 + etc/mediathekview.profile | 5 +++++ etc/pdftotext.profile | 1 + 9 files changed, 14 insertions(+), 1 deletion(-) (limited to 'etc') diff --git a/etc/dolphin.profile b/etc/dolphin.profile index 93acbd09e..bef7e0534 100644 --- a/etc/dolphin.profile +++ b/etc/dolphin.profile @@ -14,6 +14,7 @@ noblacklist ~/.local/share/dolphin include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc include /etc/firejail/disable-passwdmgr.inc +# dolphin needs to be able to start arbitrary applications so we cannot blacklist their files # include /etc/firejail/disable-programs.inc caps.drop all @@ -21,11 +22,11 @@ netfilter nogroups nonewprivs noroot +novideo protocol unix seccomp shell none -# dolphin needs to be able to start arbitrary applications so we cannot blacklist their files # private-bin # private-dev # private-etc diff --git a/etc/k3b.profile b/etc/k3b.profile index c2aed68c9..5c3e2f717 100644 --- a/etc/k3b.profile +++ b/etc/k3b.profile @@ -19,6 +19,7 @@ no3d nonewprivs noroot nosound +novideo protocol unix seccomp shell none diff --git a/etc/kate.profile b/etc/kate.profile index 12d9127b4..667ad34a9 100644 --- a/etc/kate.profile +++ b/etc/kate.profile @@ -23,6 +23,7 @@ nogroups nonewprivs noroot nosound +novideo protocol unix seccomp shell none diff --git a/etc/keepass.profile b/etc/keepass.profile index 543bc01eb..a52344ed0 100644 --- a/etc/keepass.profile +++ b/etc/keepass.profile @@ -25,6 +25,7 @@ nogroups nonewprivs noroot nosound +novideo protocol unix,inet,inet6 seccomp shell none diff --git a/etc/keepassx.profile b/etc/keepassx.profile index 892dd7053..2ffb375ea 100644 --- a/etc/keepassx.profile +++ b/etc/keepassx.profile @@ -23,6 +23,7 @@ nogroups nonewprivs noroot nosound +novideo protocol unix seccomp shell none diff --git a/etc/keepassx2.profile b/etc/keepassx2.profile index ab56e0317..dc73b7a3e 100644 --- a/etc/keepassx2.profile +++ b/etc/keepassx2.profile @@ -22,6 +22,7 @@ nogroups nonewprivs noroot nosound +novideo protocol unix seccomp shell none diff --git a/etc/kwrite.profile b/etc/kwrite.profile index b6406cc0d..9b75bc6bf 100644 --- a/etc/kwrite.profile +++ b/etc/kwrite.profile @@ -23,6 +23,7 @@ nogroups nonewprivs noroot # nosound - KWrite is using ALSA! +novideo protocol unix seccomp shell none diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile index bebe95a72..b6f8c7cb5 100644 --- a/etc/mediathekview.profile +++ b/etc/mediathekview.profile @@ -5,9 +5,14 @@ include /etc/firejail/mediathekview.local # Persistent global definitions include /etc/firejail/globals.local +noblacklist ~/.config/mpv +noblacklist ~/.config/smplayer +noblacklist ~/.config/totem noblacklist ~/.config/vlc noblacklist ~/.java +noblacklist ~/.local/share/totem noblacklist ~/.mediathek3 +noblacklist ~/.mplayer include /etc/firejail/disable-common.inc include /etc/firejail/disable-devel.inc diff --git a/etc/pdftotext.profile b/etc/pdftotext.profile index 89fb295dd..8d3756db6 100644 --- a/etc/pdftotext.profile +++ b/etc/pdftotext.profile @@ -19,6 +19,7 @@ nogroups nonewprivs noroot nosound +novideo protocol unix seccomp shell none -- cgit v1.2.3-54-g00ecf