gnome-mpv.profile 974 Bytes
Newer Older
1 2
# Firejail profile for gnome-mpv
# Description: Simple GTK+ frontend for mpv
Tad's avatar
Tad committed
3 4
# This file is overwritten after every install/update
# Persistent local customizations
5
include gnome-mpv.local
Tad's avatar
Tad committed
6
# Persistent global definitions
7
include globals.local
8

9 10 11
noblacklist ${HOME}/.config/gnome-mpv
noblacklist ${MUSIC}
noblacklist ${VIDEOS}
12

13 14 15 16 17 18 19
# Allow python (blacklisted by disable-interpreters.inc)
noblacklist ${PATH}/python2*
noblacklist ${PATH}/python3*
noblacklist /usr/lib/python2*
noblacklist /usr/lib/python3*
noblacklist /usr/local/lib/python2*
noblacklist /usr/local/lib/python3*
20

21 22 23 24 25 26 27 28
include disable-common.inc
include disable-devel.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc

include whitelist-var-common.inc
29 30

caps.drop all
31
nodbus
32
nogroups
Tad's avatar
Tad committed
33
nonewprivs
34
noroot
35
nou2f
36
protocol unix,inet,inet6
37 38 39
seccomp
shell none

40
private-bin gnome-mpv,youtube-dl,python*,env
Tad's avatar
Tad committed
41 42
private-dev
private-tmp
43 44 45

noexec ${HOME}
noexec /tmp