From 2341381cda5989f033b5e10622f2e523e5d395f5 Mon Sep 17 00:00:00 2001
From: rusty-snake
Date: Tue, 26 Feb 2019 18:02:23 +0100
Subject: gnome-mpv -> celluloid
---
etc/celluloid.profile | 51 ++++++++++++++++++++++++++++++++++++++++++++++++
etc/disable-programs.inc | 1 +
etc/gnome-mpv.profile | 46 +++----------------------------------------
3 files changed, 55 insertions(+), 43 deletions(-)
create mode 100644 etc/celluloid.profile
(limited to 'etc')
diff --git a/etc/celluloid.profile b/etc/celluloid.profile
new file mode 100644
index 000000000..c4f49aed0
--- /dev/null
+++ b/etc/celluloid.profile
@@ -0,0 +1,51 @@
+# Firejail profile for celluloid
+# Description: Simple GTK+ frontend for mpv
+# This file is overwritten after every install/update
+# Persistent local customizations
+include celluloid.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${HOME}/.config/gnome-mpv
+noblacklist ${HOME}/.config/celluloid
+noblacklist ${MUSIC}
+noblacklist ${VIDEOS}
+
+# Allow python (blacklisted by disable-interpreters.inc)
+noblacklist ${PATH}/python2*
+noblacklist ${PATH}/python3*
+noblacklist /usr/lib/python2*
+noblacklist /usr/lib/python3*
+noblacklist /usr/local/lib/python2*
+noblacklist /usr/local/lib/python3*
+
+include disable-common.inc
+include disable-devel.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-xdg.inc
+
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+nodbus
+nogroups
+nonewprivs
+noroot
+nou2f
+protocol unix,inet,inet6
+seccomp
+shell none
+tracelog
+
+private-bin celluloid,gnome-mpv,youtube-dl,python*,env
+private-cache
+private-etc alternatives
+private-dev
+private-tmp
+
+noexec ${HOME}
+noexec /tmp
diff --git a/etc/disable-programs.inc b/etc/disable-programs.inc
index 0c7a8b020..6bac74bd6 100644
--- a/etc/disable-programs.inc
+++ b/etc/disable-programs.inc
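Review bot: The python allowance in the new etc/celluloid.profile is not documented against the `noexec ${HOME}` and `noexec /tmp` lines that close the file. noexec only blocks direct execution of files on those mounts, so with `python*` and `env` in `private-bin` a script stored in either location can still be run through the interpreter. The existing comment says only that python is un-blacklisted; I would extend it to state why it is needed and what it costs, for example `# python is presumably required by youtube-dl; noexec below does not cover scripts run through the interpreter`. The `noblacklist ${HOME}/.config/gnome-mpv` line also deserves a one-line comment saying it is kept for the pre-rename configuration directory, if that is the intent.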
@@ -117,6 +117,7 @@ blacklist ${HOME}/.config/brave
 blacklist ${HOME}/.config/caja
 blacklist ${HOME}/.config/calibre
 blacklist ${HOME}/.config/catfish
+blacklist ${HOME}/.config/celluloid
 blacklist ${HOME}/.config/cherrytree
 blacklist ${HOME}/.config/chromium
 blacklist ${HOME}/.config/chromium-dev
diff --git a/etc/gnome-mpv.profile b/etc/gnome-mpv.profile
index 9bac59caf..f5d652732 100644
--- a/etc/gnome-mpv.profile
+++ b/etc/gnome-mpv.profile
@@ -1,45 +1,5 @@
-# Firejail profile for gnome-mpv
-# Description: Simple GTK+ frontend for mpv
+# Firejail profile alias for celluloid (formerly GNOME MPV)
 # This file is overwritten after every install/update
-# Persistent local customizations
-include gnome-mpv.local
-# Persistent global definitions
-include globals.local
 
-noblacklist ${HOME}/.config/gnome-mpv
-noblacklist ${MUSIC}
-noblacklist ${VIDEOS}
-
-# Allow python (blacklisted by disable-interpreters.inc)
-noblacklist ${PATH}/python2*
-noblacklist ${PATH}/python3*
-noblacklist /usr/lib/python2*
-noblacklist /usr/lib/python3*
-noblacklist /usr/local/lib/python2*
-noblacklist /usr/local/lib/python3*
-
-include disable-common.inc
-include disable-devel.inc
-include disable-interpreters.inc
-include disable-passwdmgr.inc
-include disable-programs.inc
-include disable-xdg.inc
-
-include whitelist-var-common.inc
-
-caps.drop all
-nodbus
-nogroups
-nonewprivs
-noroot
-nou2f
-protocol unix,inet,inet6
-seccomp
-shell none
-
-private-bin gnome-mpv,youtube-dl,python*,env
-private-dev
-private-tmp
-
-noexec ${HOME}
-noexec /tmp
+# Redirect
+include celluloid.profile
-- 
cgit v1.2.3-54-g00ecf
From ca86110d1fff3db73df9866be6c1c2ccf4f0b05c Mon Sep 17 00:00:00 2001
From: rusty-snake
Date: Wed, 27 Feb 2019 16:26:16 +0100
Subject: celluloid.profile: add private-etc
---
etc/celluloid.profile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'etc')
diff --git a/etc/celluloid.profile b/etc/celluloid.profile
index c4f49aed0..1f61ff9f5 100644
--- a/etc/celluloid.profile
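Review bot: The redirect in etc/gnome-mpv.profile no longer reads `gnome-mpv.local`, so any persistent restrictions a user keeps in that file stop being applied when the sandbox is started under the old name. Only `celluloid.local` is picked up, through the included profile, and a tightened sandbox is silently loosened on upgrade. Keeping the two lines `# Persistent local customizations` and `include gnome-mpv.local` above `# Redirect` would preserve existing overrides. If dropping the old local file is intentional, the commit message should say so, so that users know to move their settings to `celluloid.local`.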
+++ b/etc/celluloid.profile
@@ -43,7 +43,7 @@ tracelog
 
 private-bin celluloid,gnome-mpv,youtube-dl,python*,env
 private-cache
-private-etc alternatives
+private-etc alternatives,ca-certificates,ssl,pki,pkcs11,hosts,machine-id,localtime,libva.conf,drirc,fonts,gtk-3.0,dconf,crypto-policies,xdg,selinux,resolv.conf
 private-dev
 private-tmp
 
-- 
cgit v1.2.3-54-g00ecf
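Review bot: The expanded `private-etc` list is unsorted and has no comment, which makes it hard to audit which parts of /etc the sandbox exposes and why. Sorting it as `private-etc alternatives,ca-certificates,crypto-policies,dconf,drirc,fonts,gtk-3.0,hosts,libva.conf,localtime,machine-id,pkcs11,pki,resolv.conf,selinux,ssl,xdg` and adding a comment above it that groups the entries by purpose (TLS and name resolution, GTK and fonts, video acceleration) would make later reviews and diffs easier. `machine-id` and `selinux` deserve a specific justification, since the profile created in the previous patch allows `inet` and `inet6` and `machine-id` is a stable host identifier; if the player works without them, leave them out. The subject says "add private-etc", but the option was already present with `alternatives`, so "extend private-etc" describes the change more accurately.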