From 6e23a6dd6367ad8240601a5fc32fb75ce5f64e07 Mon Sep 17 00:00:00 2001
From: SYN-cook <syncookongit@gmail.com>
Date: Mon, 3 Apr 2017 23:28:50 +0200
Subject: mediathekview profile (#1190)

* create mediathekview.profile

* update mediathekview

* update mediathekview

* blacklist mediathekview

* add mediathekview

* add mediathekview
---
 etc/disable-programs.inc  |  1 +
 etc/mediathekview.profile | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 etc/mediathekview.profile

(limited to 'etc')

diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index da80376d1..032d50b36 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
@@ -236,6 +236,7 @@ blacklist ${HOME}/.local/share/zathura
 blacklist ${HOME}/.lv2
 blacklist ${HOME}/.mcabber
 blacklist ${HOME}/.mcabberrc
+blacklist ${HOME}/.mediathek3
 blacklist ${HOME}/.mozilla
 blacklist ${HOME}/.mozilla/seamonkey
 blacklist ${HOME}/.mpdconf
diff --git a/etc/mediathekview.profile b/etc/mediathekview.profile
new file mode 100644
index 000000000..ec5b507ae
--- /dev/null
+++ b/etc/mediathekview.profile
@@ -0,0 +1,25 @@
+# This file is overwritten during software install.
+# Persistent customizations should go in a .local file.
+include /etc/firejail/mediathekview.local
+
+# MediathekView profile
+noblacklist ~/.mediathek3
+noblacklist ~/.config/vlc
+include /etc/firejail/disable-common.inc
+include /etc/firejail/disable-programs.inc
+include /etc/firejail/disable-devel.inc
+include /etc/firejail/disable-passwdmgr.inc
+
+caps.drop all
+netfilter
+nonewprivs
+noroot
+protocol unix,inet,inet6
+seccomp
+tracelog
+
+noexec ${HOME}
+noexec /tmp
+
+private-dev
+private-tmp
-- 
cgit v1.2.3-70-g09d2