From 5dbdf657bdaafbb1dd1643b2115232a02b328286 Mon Sep 17 00:00:00 2001 From: netblue30 Date: Thu, 19 Mar 2020 15:30:08 -0400 Subject: new profiles: ripperx, sound-juicer --- etc/asunder.profile | 4 ++++ etc/disable-programs.inc | 2 ++ etc/ripperx.profile | 41 +++++++++++++++++++++++++++++++++++++++++ etc/sound-juicer.profile | 41 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 88 insertions(+) create mode 100644 etc/ripperx.profile create mode 100644 etc/sound-juicer.profile (limited to 'etc') diff --git a/etc/asunder.profile b/etc/asunder.profile index 1f3acd735..fceac7cf9 100644 --- a/etc/asunder.profile +++ b/etc/asunder.profile @@ -20,21 +20,25 @@ include disable-passwdmgr.inc include disable-programs.inc include disable-xdg.inc +include whitelist-usr-share-common.inc include whitelist-var-common.inc apparmor caps.drop all netfilter +no3d nodbus # nogroups nonewprivs noroot nou2f +notv novideo protocol unix,inet,inet6 seccomp shell none +private-cache private-dev private-tmp diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc index 0786ba7d2..b54c1cce3 100644 --- a/etc/disable-programs.inc +++ b/etc/disable-programs.inc @@ -305,6 +305,7 @@ blacklist ${HOME}/.config/slimjet blacklist ${HOME}/.config/smplayer blacklist ${HOME}/.config/smtube blacklist ${HOME}/.config/snox +blacklist ${HOME}/.config/sound-juicer blacklist ${HOME}/.config/specialmailcollectionsrc blacklist ${HOME}/.config/spotify blacklist ${HOME}/.config/sqlitebrowser @@ -650,6 +651,7 @@ blacklist ${HOME}/.remmina blacklist ${HOME}/.repo_.gitconfig.json blacklist ${HOME}/.repoconfig blacklist ${HOME}/.retroshare +blacklist ${HOME}/.ripperXrc blacklist ${HOME}/.scorched3d blacklist ${HOME}/.scribus blacklist ${HOME}/.scribusrc diff --git a/etc/ripperx.profile b/etc/ripperx.profile new file mode 100644 index 000000000..b572aa1b4 --- /dev/null +++ b/etc/ripperx.profile @@ -0,0 +1,41 @@ +# Firejail profile for mpv +# Description: Graphical audio CD ripper and encoder +# This file is overwritten after every install/update +# Persistent local customizations +include ripperx.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.ripperXrc +noblacklist ${MUSIC} + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +netfilter +no3d +nodbus +nogroups +nonewprivs +noroot +nou2f +notv +novideo +protocol unix,inet,inet6 +seccomp +shell none +tracelog + +private-cache +private-dev +private-tmp diff --git a/etc/sound-juicer.profile b/etc/sound-juicer.profile new file mode 100644 index 000000000..ebd321573 --- /dev/null +++ b/etc/sound-juicer.profile @@ -0,0 +1,41 @@ +# Firejail profile for mpv +# Description: Graphical audio CD ripper and encoder +# This file is overwritten after every install/update +# Persistent local customizations +include sound-juicer.local +# Persistent global definitions +include globals.local + +noblacklist ${HOME}/.config/sound-juicer +noblacklist ${MUSIC} + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-xdg.inc + +include whitelist-var-common.inc + +apparmor +caps.drop all +netfilter +no3d +#nodbus +nogroups +nonewprivs +noroot +nosound +nou2f +notv +novideo +protocol unix,inet,inet6,netlink +seccomp +shell none +tracelog + +private-cache +private-dev +private-tmp -- cgit v1.2.3-70-g09d2