From e84d6f846f37f12dbad245dc0d35410470183845 Mon Sep 17 00:00:00 2001
From: kortewegdevries
Date: Mon, 27 Jul 2020 11:09:12 +0530
Subject: [PATCH 1/2] Added minitube profile Initial
---
 etc/inc/disable-programs.inc | 3 ++
 etc/profile-m-z/minitube.profile | 61 ++++++++++++++++++++++++++++++++
 src/firecfg/firecfg.config | 1 +
 3 files changed, 65 insertions(+)
 create mode 100644 etc/profile-m-z/minitube.profile
diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc
index 996f0257791..a141e400402 100644
--- a/etc/inc/disable-programs.inc
+++ b/etc/inc/disable-programs.inc
@@ -85,6 +85,7 @@ blacklist ${HOME}/.config/Element
 blacklist ${HOME}/.config/Element (Riot)
 blacklist ${HOME}/.config/Enox
 blacklist ${HOME}/.config/Ferdi
+blacklist ${HOME}/.config/Flavio Tordini
 blacklist ${HOME}/.config/Franz
 blacklist ${HOME}/.config/FreeCAD
 blacklist ${HOME}/.config/FreeTube
@@ -529,6 +530,7 @@ blacklist ${HOME}/.local/share/3909/PapersPlease
 blacklist ${HOME}/.local/share/Anki2
 blacklist ${HOME}/.local/share/Empathy
 blacklist ${HOME}/.local/share/Enpass
+blacklist ${HOME}/.local/share/Flavio Tordini
 blacklist ${HOME}/.local/share/JetBrains
 blacklist ${HOME}/.local/share/Kingsoft
 blacklist ${HOME}/.local/share/Mendeley Ltd.
@@ -808,6 +810,7 @@ blacklist ${HOME}/.cache/Clementine
 blacklist ${HOME}/.cache/Enox
 blacklist ${HOME}/.cache/Enpass
 blacklist ${HOME}/.cache/Ferdi
+blacklist ${HOME}/.cache/Flavio Tordini
 blacklist ${HOME}/.cache/Franz
 blacklist ${HOME}/.cache/INRIA
 blacklist ${HOME}/.cache/MusicBrainz
diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile
new file mode 100644
index 00000000000..dbe0a2ef888
--- /dev/null
+++ b/etc/profile-m-z/minitube.profile
@@ -0,0 +1,61 @@
+# Firejail profile for minitube
+# Description: Native Youtube viewer for Linux
+# This file is overwritten after every install/update
+# Persistent local customizations
+include minitube.local
+# Persistent global definitions
+include globals.local
+
+noblacklist ${PICTURES}
+noblacklist ${HOME}/.cache/Flavio Tordini
+noblacklist ${HOME}/.config/Flavio Tordini
+noblacklist ${HOME}/.local/share/Flavio Tordini
+
+include allow-lua.inc
+
+include disable-common.inc
+include disable-devel.inc
+include disable-exec.inc
+include disable-interpreters.inc
+include disable-passwdmgr.inc
+include disable-programs.inc
+include disable-shell.inc
+include disable-xdg.inc
+
+mkdir ${HOME}/.cache/Flavio Tordini
+mkdir ${HOME}/.config/Flavio Tordini
+mkdir ${HOME}/.local/share/Flavio Tordini
+whitelist ${PICTURES}
+whitelist ${HOME}/.cache/Flavio Tordini
+whitelist ${HOME}/.config/Flavio Tordini
+whitelist ${HOME}/.local/share/Flavio Tordini
+whitelist /usr/share/minitube
+include whitelist-common.inc
+include whitelist-runuser-common.inc
+include whitelist-usr-share-common.inc
+include whitelist-var-common.inc
+
+apparmor
+caps.drop all
+netfilter
+no3d
+nodvd
+nogroups
+nonewprivs
+noroot
+notv
+nou2f
+protocol unix,inet,inet6,netlink
+seccomp
+shell none
+tracelog
+
+disable-mnt
+private-bin minitube
+private-cache
+private-dev
+private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg
+private-tmp
+
+dbus-user none
+dbus-system none
diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config
index 07887a39661..7021ff4e4c4 100644
--- a/src/firecfg/firecfg.config
+++ b/src/firecfg/firecfg.config
@@ -454,6 +454,7 @@ midori
 min
 mindless
 minetest
+minitube
 mirrormagic
 mocp
 mousepad
From 369e7d36502cbf788874a55a8a9b3ced4a26a8c7 Mon Sep 17 00:00:00 2001
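Review bot: In the new minitube.profile, `whitelist ${HOME}/.cache/Flavio Tordini` and the matching `.config` and `.local/share` lines open the whole vendor-named directory read-write rather than a minitube-specific path, so anything else stored under that vendor name would be reachable from this sandbox. If minitube keeps its files in an application subdirectory there (not visible in this patch), narrow the `mkdir`/`whitelist` pairs to that subdirectory. The profile also re-enables Lua with `include allow-lua.inc` ahead of `disable-interpreters.inc`, and exposes `${PICTURES}`, without saying why. A one-line comment above each, such as `# Lua is required by <component> - confirm` and `# ${PICTURES} is the snapshot destination - confirm`, would let a later reviewer judge whether either can be dropped.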
From: kortewegdevries
Date: Mon, 27 Jul 2020 13:47:52 +0530
Subject: [PATCH 2/2] Second Removed no3d,added novideo
---
 etc/profile-m-z/minitube.profile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile
index dbe0a2ef888..2c70978a9cd 100644
--- a/etc/profile-m-z/minitube.profile
+++ b/etc/profile-m-z/minitube.profile
@@ -38,13 +38,13 @@ include whitelist-var-common.inc
 apparmor
 caps.drop all
 netfilter
-no3d
 nodvd
 nogroups
 nonewprivs
 noroot
 notv
 nou2f
+novideo
 protocol unix,inet,inet6,netlink
 seccomp
 shell none
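Review bot: With `no3d` gone from the option list, the GPU device nodes stay reachable from a sandbox that decodes content fetched from the network, and neither the commit message nor the profile records which playback path needs them. If accelerated video output is the reason, say so where the option used to be, for example `# no3d breaks video playback - confirm`, so the relaxation is re-evaluated rather than forgotten. The option block continues past the hunk's last line (`shell none`).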