From e16f469ac81af9023b89127c6978cd519d3bb78f Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Thu, 11 Oct 2018 06:23:48 +0000 Subject: Create QMediathekView --- etc/QMediathekView | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 etc/QMediathekView (limited to 'etc') diff --git a/etc/QMediathekView b/etc/QMediathekView new file mode 100644 index 000000000..558f62f0e --- /dev/null +++ b/etc/QMediathekView @@ -0,0 +1,54 @@ +# Firejail profile for QMediathekView +# Description: Search, download or stream files from mediathek.de +# This file is overwritten after every install/update +# Persistent local customizations +include /etc/firejail/QMediathekView.local +# Persistent global definitions +include /etc/firejail/globals.local + +noblacklist ${HOME}/.config/QMediathekView +noblacklist ${HOME}/.local/share/QMediathekView + +noblacklist ${HOME}/.config/mpv +noblacklist ${HOME}/.config/smplayer +noblacklist ${HOME}/.config/totem +noblacklist ${HOME}/.config/vlc +noblacklist ${HOME}/.config/xplayer +noblacklist ${HOME}/.local/share/totem +noblacklist ${HOME}/.local/share/xplayer +noblacklist ${HOME}/.mplayer + +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-interpreters.inc +include /etc/firejail/disable-passwdmgr.inc +include /etc/firejail/disable-programs.inc + +include /etc/firejail/whitelist-var-common.inc + +caps.drop all +netfilter +# no3d +# nodbus +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +protocol unix,inet,inet6 +seccomp +shell none +tracelog + +disable-mnt +private-bin QMediathekView,mplayer,mpv,smplayer,totem,vlc,xplayer +private-cache +private-dev +# private-etc none +# private-lib +private-tmp + +# memory-deny-write-execute - breaks on Arch +noexec ${HOME} +noexec /tmp -- cgit v1.2.3-54-g00ecf From 985ed288a44770118970d673b57732460d968eef Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Thu, 11 Oct 2018 06:26:03 +0000 Subject: Update disable-programs.inc --- etc/disable-programs.inc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'etc') diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 1213e4f24..15499930d 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -70,6 +70,7 @@ blacklist ${HOME}/.config/MuseScore blacklist ${HOME}/.config/MusicBrainz blacklist ${HOME}/.config/Nylas Mail blacklist ${HOME}/.config/Qlipper +blacklist ${HOME}/.config/QMediathekView blacklist ${HOME}/.config/QuiteRss blacklist ${HOME}/.config/QuiteRssrc blacklist ${HOME}/.config/Rambox @@ -360,6 +361,7 @@ blacklist ${HOME}/.local/share/3909/PapersPlease blacklist ${HOME}/.local/share/Empathy blacklist ${HOME}/.local/share/JetBrains blacklist ${HOME}/.local/share/Mumble +blacklist ${HOME}/.local/share/QMediathekView blacklist ${HOME}/.local/share/QuiteRss blacklist ${HOME}/.local/share/Ricochet blacklist ${HOME}/.local/share/Steam -- cgit v1.2.3-54-g00ecf From 31f52f6165c6c67f66620627c266dad560e9ade3 Mon Sep 17 00:00:00 2001 From: glitsj16 Date: Thu, 11 Oct 2018 07:04:24 +0000 Subject: Rename QMediathekView to QMediathekView.profile --- etc/QMediathekView | 54 ---------------------------------------------- etc/QMediathekView.profile | 54 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 54 deletions(-) delete mode 100644 etc/QMediathekView create mode 100644 etc/QMediathekView.profile (limited to 'etc') diff --git a/etc/QMediathekView b/etc/QMediathekView deleted file mode 100644 index 558f62f0e..000000000 --- a/etc/QMediathekView +++ /dev/null @@ -1,54 +0,0 @@ -# Firejail profile for QMediathekView -# Description: Search, download or stream files from mediathek.de -# This file is overwritten after every install/update -# Persistent local customizations -include /etc/firejail/QMediathekView.local -# Persistent global definitions -include /etc/firejail/globals.local - -noblacklist ${HOME}/.config/QMediathekView -noblacklist ${HOME}/.local/share/QMediathekView - -noblacklist ${HOME}/.config/mpv -noblacklist ${HOME}/.config/smplayer -noblacklist ${HOME}/.config/totem -noblacklist ${HOME}/.config/vlc -noblacklist ${HOME}/.config/xplayer -noblacklist ${HOME}/.local/share/totem -noblacklist ${HOME}/.local/share/xplayer -noblacklist ${HOME}/.mplayer - -include /etc/firejail/disable-common.inc -include /etc/firejail/disable-devel.inc -include /etc/firejail/disable-interpreters.inc -include /etc/firejail/disable-passwdmgr.inc -include /etc/firejail/disable-programs.inc - -include /etc/firejail/whitelist-var-common.inc - -caps.drop all -netfilter -# no3d -# nodbus -nodvd -nogroups -nonewprivs -noroot -notv -nou2f -protocol unix,inet,inet6 -seccomp -shell none -tracelog - -disable-mnt -private-bin QMediathekView,mplayer,mpv,smplayer,totem,vlc,xplayer -private-cache -private-dev -# private-etc none -# private-lib -private-tmp - -# memory-deny-write-execute - breaks on Arch -noexec ${HOME} -noexec /tmp diff --git a/etc/QMediathekView.profile b/etc/QMediathekView.profile new file mode 100644 index 000000000..558f62f0e --- /dev/null +++ b/etc/QMediathekView.profile @@ -0,0 +1,54 @@ +# Firejail profile for QMediathekView +# Description: Search, download or stream files from mediathek.de +# This file is overwritten after every install/update +# Persistent local customizations +include /etc/firejail/QMediathekView.local +# Persistent global definitions +include /etc/firejail/globals.local + +noblacklist ${HOME}/.config/QMediathekView +noblacklist ${HOME}/.local/share/QMediathekView + +noblacklist ${HOME}/.config/mpv +noblacklist ${HOME}/.config/smplayer +noblacklist ${HOME}/.config/totem +noblacklist ${HOME}/.config/vlc +noblacklist ${HOME}/.config/xplayer +noblacklist ${HOME}/.local/share/totem +noblacklist ${HOME}/.local/share/xplayer +noblacklist ${HOME}/.mplayer + +include /etc/firejail/disable-common.inc +include /etc/firejail/disable-devel.inc +include /etc/firejail/disable-interpreters.inc +include /etc/firejail/disable-passwdmgr.inc +include /etc/firejail/disable-programs.inc + +include /etc/firejail/whitelist-var-common.inc + +caps.drop all +netfilter +# no3d +# nodbus +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +protocol unix,inet,inet6 +seccomp +shell none +tracelog + +disable-mnt +private-bin QMediathekView,mplayer,mpv,smplayer,totem,vlc,xplayer +private-cache +private-dev +# private-etc none +# private-lib +private-tmp + +# memory-deny-write-execute - breaks on Arch +noexec ${HOME} +noexec /tmp -- cgit v1.2.3-54-g00ecf