mediathekview.profile 1.12 KB
Newer Older
Tad's avatar
Tad committed
1
# Firejail profile for mediathekview
2
# Description: View streams from German public television stations
Tad's avatar
Tad committed
3 4
# This file is overwritten after every install/update
# Persistent local customizations
5
include mediathekview.local
Tad's avatar
Tad committed
6
# Persistent global definitions
7
include globals.local
SYN-cook's avatar
SYN-cook committed
8

9 10 11 12 13 14 15 16 17 18
noblacklist ${HOME}/.config/mpv
noblacklist ${HOME}/.config/smplayer
noblacklist ${HOME}/.config/totem
noblacklist ${HOME}/.config/vlc
noblacklist ${HOME}/.config/xplayer
noblacklist ${HOME}/.java
noblacklist ${HOME}/.local/share/totem
noblacklist ${HOME}/.local/share/xplayer
noblacklist ${HOME}/.mediathek3
noblacklist ${HOME}/.mplayer
19
noblacklist ${VIDEOS}
Tad's avatar
Tad committed
20

21 22 23 24 25 26
# Allow access to java
noblacklist ${PATH}/java
noblacklist /usr/lib/java
noblacklist /etc/java
noblacklist /usr/share/java

27 28 29 30 31
include disable-common.inc
include disable-devel.inc
include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
32
include disable-xdg.inc
SYN-cook's avatar
SYN-cook committed
33

34
include whitelist-var-common.inc
35

SYN-cook's avatar
SYN-cook committed
36 37
caps.drop all
netfilter
Tad's avatar
Tad committed
38
nodvd
smitsohu's avatar
smitsohu committed
39
nogroups
SYN-cook's avatar
SYN-cook committed
40 41
nonewprivs
noroot
Tad's avatar
Tad committed
42
notv
43
nou2f
44
novideo
SYN-cook's avatar
SYN-cook committed
45 46 47 48
protocol unix,inet,inet6
seccomp
tracelog

49
private-cache
SYN-cook's avatar
SYN-cook committed
50 51
private-dev
private-tmp
Tad's avatar
Tad committed
52 53 54

noexec ${HOME}
noexec /tmp