From a5df0070fff2771ff2821e07fca9b57801079146 Mon Sep 17 00:00:00 2001
From: smitsohu <smitsohu@gmail.com>
Date: Thu, 14 Sep 2017 16:36:04 +0200
Subject: goobox enhancements (permit metadata retrieval)

1) We should permit internet access, as Goobox retrieves metadata via cddb-slave2 2) We can safely enable private-dev after the introduction of nodvd
---
 etc/goobox.profile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'etc')

diff --git a/etc/goobox.profile b/etc/goobox.profile
index 60ffe0594..98514ce8d 100644
--- a/etc/goobox.profile
+++ b/etc/goobox.profile
@@ -13,17 +13,18 @@ include /etc/firejail/disable-programs.inc
 
 caps.drop all
 netfilter
+no3d
 nogroups
 nonewprivs
 noroot
 notv
 novideo
-protocol unix
+protocol unix,inet,inet6
 seccomp
 shell none
 tracelog
 
 # private-bin goobox
-# private-dev
+private-dev
 # private-etc fonts
 # private-tmp
-- 
cgit v1.2.3-54-g00ecf