From e491d1f88d661332728fe6dd542cdcc16bc1505a Mon Sep 17 00:00:00 2001 From: kortewegdevries <62639087+kortewegdevries@users.noreply.github.com> Date: Fri, 31 Jul 2020 02:09:18 +0530 Subject: [PATCH] Added minitube profile (#3555) * Added minitube profile Initial * Second Removed no3d,added novideo --- etc/inc/disable-programs.inc | 3 ++ etc/profile-m-z/minitube.profile | 61 ++++++++++++++++++++++++++++++++ src/firecfg/firecfg.config | 1 + 3 files changed, 65 insertions(+) create mode 100644 etc/profile-m-z/minitube.profile diff --git a/etc/inc/disable-programs.inc b/etc/inc/disable-programs.inc index ebb9236c9cd..5ffc293a15d 100644 --- a/etc/inc/disable-programs.inc +++ b/etc/inc/disable-programs.inc @@ -85,6 +85,7 @@ blacklist ${HOME}/.config/Element blacklist ${HOME}/.config/Element (Riot) blacklist ${HOME}/.config/Enox blacklist ${HOME}/.config/Ferdi +blacklist ${HOME}/.config/Flavio Tordini blacklist ${HOME}/.config/Franz blacklist ${HOME}/.config/FreeCAD blacklist ${HOME}/.config/FreeTube @@ -530,6 +531,7 @@ blacklist ${HOME}/.local/share/3909/PapersPlease blacklist ${HOME}/.local/share/Anki2 blacklist ${HOME}/.local/share/Empathy blacklist ${HOME}/.local/share/Enpass +blacklist ${HOME}/.local/share/Flavio Tordini blacklist ${HOME}/.local/share/JetBrains blacklist ${HOME}/.local/share/Kingsoft blacklist ${HOME}/.local/share/Mendeley Ltd. @@ -810,6 +812,7 @@ blacklist ${HOME}/.cache/Clementine blacklist ${HOME}/.cache/Enox blacklist ${HOME}/.cache/Enpass blacklist ${HOME}/.cache/Ferdi +blacklist ${HOME}/.cache/Flavio Tordini blacklist ${HOME}/.cache/Franz blacklist ${HOME}/.cache/INRIA blacklist ${HOME}/.cache/MusicBrainz diff --git a/etc/profile-m-z/minitube.profile b/etc/profile-m-z/minitube.profile new file mode 100644 index 00000000000..2c70978a9cd --- /dev/null +++ b/etc/profile-m-z/minitube.profile @@ -0,0 +1,61 @@ +# Firejail profile for minitube +# Description: Native Youtube viewer for Linux +# This file is overwritten after every install/update +# Persistent local customizations +include minitube.local +# Persistent global definitions +include globals.local + +noblacklist ${PICTURES} +noblacklist ${HOME}/.cache/Flavio Tordini +noblacklist ${HOME}/.config/Flavio Tordini +noblacklist ${HOME}/.local/share/Flavio Tordini + +include allow-lua.inc + +include disable-common.inc +include disable-devel.inc +include disable-exec.inc +include disable-interpreters.inc +include disable-passwdmgr.inc +include disable-programs.inc +include disable-shell.inc +include disable-xdg.inc + +mkdir ${HOME}/.cache/Flavio Tordini +mkdir ${HOME}/.config/Flavio Tordini +mkdir ${HOME}/.local/share/Flavio Tordini +whitelist ${PICTURES} +whitelist ${HOME}/.cache/Flavio Tordini +whitelist ${HOME}/.config/Flavio Tordini +whitelist ${HOME}/.local/share/Flavio Tordini +whitelist /usr/share/minitube +include whitelist-common.inc +include whitelist-runuser-common.inc +include whitelist-usr-share-common.inc +include whitelist-var-common.inc + +apparmor +caps.drop all +netfilter +nodvd +nogroups +nonewprivs +noroot +notv +nou2f +novideo +protocol unix,inet,inet6,netlink +seccomp +shell none +tracelog + +disable-mnt +private-bin minitube +private-cache +private-dev +private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,drirc,fonts,gtk-2.0,gtk-3.0,host.conf,hostname,hosts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,mime.types,nsswitch.conf,pki,pulse,resolv.conf,selinux,ssl,X11,xdg +private-tmp + +dbus-user none +dbus-system none diff --git a/src/firecfg/firecfg.config b/src/firecfg/firecfg.config index 4eac4b4223b..efcb8f67ade 100644 --- a/src/firecfg/firecfg.config +++ b/src/firecfg/firecfg.config @@ -455,6 +455,7 @@ min mindless minecraft-launcher minetest +minitube mirrormagic mocp mousepad