rhythmbox.profile 829 Bytes
Newer Older
Tad's avatar
Tad committed
1
# Firejail profile for rhythmbox
2
# Description: Music player and organizer for GNOME
Tad's avatar
Tad committed
3 4
# This file is overwritten after every install/update
# Persistent local customizations
5
include rhythmbox.local
Tad's avatar
Tad committed
6
# Persistent global definitions
7
include globals.local
8

9
noblacklist ${MUSIC}
10
noblacklist ${HOME}/.local/share/rhythmbox
11

12 13
include disable-common.inc
include disable-devel.inc
14
# rhythmbox is using Python
15 16 17 18
#include disable-interpreters.inc
include disable-passwdmgr.inc
include disable-programs.inc
include disable-xdg.inc
19

20
include whitelist-var-common.inc
21

22
# apparmor - makes settings immutable
netblue30's avatar
netblue30 committed
23
caps.drop all
24
netfilter
Tad's avatar
Tad committed
25
# no3d
26
# nodbus - makes settings immutable
Fred-Barclay's avatar
Fred-Barclay committed
27
nogroups
28
nonewprivs
netblue30's avatar
netblue30 committed
29
noroot
Tad's avatar
Tad committed
30
notv
31
nou2f
Tad's avatar
Tad committed
32
novideo
33 34
protocol unix,inet,inet6
seccomp
Fred-Barclay's avatar
Fred-Barclay committed
35 36 37 38 39
shell none
tracelog

private-bin rhythmbox
private-dev
Fred-Barclay's avatar
Fred-Barclay committed
40
private-tmp
Tad's avatar
Tad committed
41 42 43

noexec ${HOME}
noexec /tmp